Abstract

We introduce ω-Petri nets (ωPN), an extension of plain Petri nets with ω-labeled
input and output arcs, that is well-suited to analyse parametric concurrent
systems with dynamic thread creation. Most techniques (such as the Karp and
Miller tree or the Rackoff technique) that have been proposed in the setting of
plain Petri nets do not apply directly to ωPN because ωPN define transition
systems that have infinite branching. This motivates a thorough analysis of the
computational aspects of ωPN. We show that an ωPN can be turned into a plain
Petri net that allows one to recover the reachability set of the ωPN, but that
does not preserve termination. This yields complexity bounds for the
reachability, (place) boundedness and coverability problems on ωPN. We provide a
practical algorithm to compute a coverability set of the ωPN and to decide
termination by adapting the classical Karp and Miller tree construction. We also
adapt the Rackoff technique to ωPN, to obtain the exact complexity of the
termination problem. Finally, we consider the extension of ωPN with reset and
transfer arcs, and show how this extension impacts the decidability and
complexity of the aforementioned problems.



1 Introduction 

In this paper, we introduce ω-Petri nets (ωPN), an extension of plain Petri nets
(PN) that allows input and output arcs to be labeled by the symbol $\omega$,
instead of a natural number. An ω-labeled input arc consumes,
non-deterministically, any number of tokens in its input place while an
ω-labeled output arc produces non-deterministically any number of tokens in its
output place. We claim that ωPN are particularly well suited for modeling
parametric concurrent systems (see for instance our recent work on the Grand
Central Dispatch technology [12]), and to perform parametric verification [14]
on those systems, as we illustrate now by means of the example in Fig. 1. The
example presents a skeleton of a distributed program, in which a main function
forks P parallel threads (where P is a parameter of the program), each executing
the one_task function. Many distributed programs follow this abstract skeleton,
which allows calculations to be performed in parallel, and being able to model
precisely such concurrent behaviors is an important issue. In particular, we
would like the model to capture the fact that P is a parameter, so that we can,
for instance, check that the execution of the program always terminates
(assuming each individual execution of one_task does), for all possible values
of P. Clearly, the Petri net (a) in Fig. 1 does not capture the parametric
nature of the example, as place $p_1$ contains a fixed number K of tokens. The
PN (b), on the other hand, captures the fact that the program can fork an
unbounded number of threads, but does not preserve termination:
$(\mathit{post})^\omega$ is an infinite execution of PN (b), while the program
terminates (assuming each one_task thread terminates) for all values of P,
because the for loop in line 5 executes exactly P times. Finally, observe that
the ωPN (c) has the desired properties: firing transition fork creates
non-deterministically an unbounded albeit finite number of tokens in $p_2$ (to
model all the possible executions of the for loop in line 5), and all possible
executions of this ωPN terminate, because the number of tokens produced in $p_2$
remains finite and no further token creation in $p_2$ is allowed after the
firing of the fork transition.

1  one_task(int k) {
2    // some work ...
3  }
4  main() {
5    for i := 1 to P step 1
6      fork(one_task(i))
7  }

Figure 1: An example of a parametric system with three possible models

While close to Petri nets, ωPN are sufficiently different that a thorough and
careful study of their computational properties is required. This is the main
contribution of the paper. A first example of discrepancy is that the semantics
of ωPN is an infinite transition system which is infinitely branching. This is
not the case for plain PN: their transition systems can be infinite but they are
finitely branching. As a consequence, some of the classical techniques for the
analysis of Petri nets cannot be applied. Consider for example the finite
unfolding of the transition system [ 1 1 that stops the development of a branch
of the reachability tree whenever a node with a smaller ancestor is found. This
tree is finite (and effectively constructible) for any plain Petri net and any
initial marking because the set of markings $\mathbb{N}^k$ is well-quasi
ordered, and finite branching of plain Petri nets allows for the use of König's
lemma¹. However, this technique cannot be applied to ωPN, as they are infinitely
branching. Such peculiarities of ωPN motivate our study of three different tools
for analysing them. First, we consider, in Section 3, a variant of the Karp and
Miller tree [15] that applies to ωPN. In order to cope with the infinite
branching of the semantics of ωPN, we need to introduce in the Karp and Miller
tree $\omega$'s that are not the result of accelerations but the result of
ω-output arcs. Our variant of the Karp and Miller construction is recursive;
this allows us to tame the technicality of the proof, and as a consequence, our
proof, when applied to plain Petri nets, provides a simplification of the
original proof by Karp and Miller. Second, in Section 4, we show how to
construct, from an ωPN, a plain Petri net that preserves its reachability set.
This reduction allows us to prove that many bounds on the algorithmic complexity
of (plain) PN problems apply to ωPN too. However, it does not preserve
termination. Thus, we study, in Section 5, as a third contribution, an extension
of the self-covering path technique due to Rackoff [19]. This technique allows
us to provide a direct proof of ExpSpace upper bounds for several classical
decision problems, and in particular, this allows us to prove ExpSpace
completeness of the termination problem.

¹ In fact, this construction is applicable to any well-structured transition
system which is finitely branching, and allows one to decide the termination
problem, for example.

Table 1: Complexity results on ωPN (with the section numbers where the results
are proved). ωIPN+R (ωOPN+R) and ωIPN+T (ωOPN+T) denote resp. Petri nets with
reset (R) and transfer (T) arcs with $\omega$ on input (output) arcs only.

Problem           | ωPN                         | ωPN+T                            | ωPN+R
------------------+-----------------------------+----------------------------------+----------------------------------
Reachability      | Decidable and ExpSpace-hard | Undecidable (6)                  | Undecidable
Place-boundedness | ExpSpace-c                  | Undecidable (6)                  | Undecidable
Boundedness       | ExpSpace-c                  | Decidable (6)                    | Undecidable
Coverability      | ExpSpace-c                  | Decidable and Ackermann-hard (6) | Decidable and Ackermann-hard (6)

Problem     | ωPN        | ωOPN+T, ωOPN+R  | ωIPN+T, ωIPN+R
------------+------------+-----------------+------------------------------
Termination | ExpSpace-c | Undecidable (6) | Decidable and Ackermann-hard

Finally, in Section 6, as an additional contribution, and to get a complete
picture, we consider extensions of ωPN with reset and transfer arcs [7]. For
those extensions, the decidability results for reset and transfer nets (without
$\omega$ arcs) also apply to our extension with the notable exception of the
termination problem that becomes, as we show here, undecidable. The summary of
our results is given in Table 1.

Related works. ωPN are well-structured transition systems [10]. The set
saturation technique 1 1 1 and so symbolic backward analysis can be applied to
them while the finite tree unfolding is not applicable because of the infinite
branching property of ωPN. For the same reason, ωPN are not well-structured
nets [11].

Brázdil et al. extend the Rackoff technique to VASS games with $\omega$ output
arcs. While this extension of the Rackoff technique is technically close to
ours, we cannot directly use their results to solve the termination problem of
ωPN.

Several works (see for instance [0] [5]) rely on Petri nets to model parametric
systems and perform parametrised verification. However, in all these works, the
dynamic creation of threads uses the same pattern as in Fig. 1(b), and does not
preserve termination. ωPN allow one to model more faithfully the dynamic
creation of an unbounded number of threads, and are thus better suited to model
new programming paradigms (such as those used in GCD [12]) that have been
recently proposed to better support multi-core platforms.

Remark: due to lack of space, most proofs can be found in the appendix. 
2 ω-Petri nets

Let us define the syntax and semantics of our Petri net extension, called
ω-Petri nets (ωPN for short). Let $\omega$ be a symbol that denotes 'any
positive integer value'. We extend the arithmetic and the $<$ ordering on
$\mathbb{Z}$ to $\mathbb{Z} \cup \{\omega\}$ as follows:
$\omega + \omega = \omega - \omega = \omega$; and for all $c \in \mathbb{Z}$:
$c + \omega = \omega + c = \omega - c = \omega$; $c - \omega = c$; and
$c < \omega$. The fact that $c - \omega = c$ might sound surprising but will be
justified later when we introduce ωPN. An ω-multiset (or simply multiset) of
elements from $S$ is a function $m : S \to \mathbb{N} \cup \{\omega\}$. We
denote multisets $m$ of $S = \{s_1, s_2, \ldots, s_n\}$ by extension using the
syntax $\{m(s_1) \otimes s_1, m(s_2) \otimes s_2, \ldots, m(s_n) \otimes s_n\}$
(when $m(s) = 1$, we write $s$ instead of $m(s) \otimes s$, and we omit elements
$m(s) \otimes s$ when $m(s) = 0$). Given two multisets $m_1$ and $m_2$, and an
integer value $c$ we let $m_1 + m_2$ be the multiset s.t.
$(m_1 + m_2)(p) = m_1(p) + m_2(p)$; $m_1 - m_2$ be the multiset s.t.
$(m_1 - m_2)(p) = m_1(p) - m_2(p)$; and $c \cdot m_1$ be the multiset s.t.
$(c \cdot m_1)(p) = c \times m_1(p)$ for all $p \in P$.

Syntax. Syntactically, ωPN extend plain Petri nets [18, 20] by allowing (input
and output) arcs to be labeled by $\omega$. Intuitively, if a transition $t$ has
$\omega$ as output (resp. input) effect on place $p$, the firing of $t$
non-deterministically creates (consumes) a positive number of tokens in $p$.

Definition 1 A Petri net with ω-arcs (ωPN) is a tuple
$\mathcal{N} = \langle P, T \rangle$ where: $P$ is a finite set of places; $T$ a
finite set of transitions. Each transition is a pair $t = (I, O)$, where:
$I : P \to \mathbb{N} \cup \{\omega\}$ and
$O : P \to \mathbb{N} \cup \{\omega\}$, give respectively the input (output)
effect $I(p)$ ($O(p)$) of $t$ on place $p$.

By abuse of notation, we denote by $I(t)$ (resp. $O(t)$) the functions s.t.
$t = (I(t), O(t))$. When convenient, we sometimes regard $I(t)$ or $O(t)$ as
ω-multisets of places. Whenever there is $p$ s.t. $O(t)(p) = \omega$ (resp.
$I(t)(p) = \omega$), we say that $t$ is an ω-output-transition
(ω-input-transition). A transition $t$ is an ω-transition iff it is an
ω-output-transition or an ω-input-transition. Otherwise, $t$ is a plain
transition. Remark that a (plain) Petri net is an ωPN with plain transitions
only. Moreover, when an ωPN contains no ω-output-transitions (resp. no
ω-input-transitions), we say that it is an ω-input-PN (ω-output-PN), or ωIPN
(ωOPN) for short. For all transitions $t$, we denote by $\mathit{effect}(t)$ the
function $O(t) - I(t)$. Remark that $\mathit{effect}(t)(p)$ could be $\omega$
for some $p$ (in particular when $O(t)(p) = I(t)(p) = \omega$). Intuitively,
$\mathit{effect}(t)(p) = \omega$ models the fact that firing $t$ can increase
the marking of $p$ by an arbitrary number of tokens. Finally, observe that
$O(t)(p) = c \neq \omega$ and $I(t)(p) = \omega$ implies
$\mathit{effect}(t)(p) = c - \omega = c$. This models the fact that firing $t$
can at most increase the marking of $p$ by $c$ tokens. Thus, intuitively, the
value $\mathit{effect}(t)(p)$ models the maximal possible effect of $t$ on $p$.
We extend the definition of $\mathit{effect}$ to sequences of transitions
$\sigma = t_1 t_2 \cdots t_n$ by letting
$\mathit{effect}(\sigma) = \sum_{i=1}^{n} \mathit{effect}(t_i)$.

A marking is a function $P \to \mathbb{N}$. An ω-marking is a function
$P \to \mathbb{N} \cup \{\omega\}$, i.e. an ω-multiset on $P$. Remark that any
marking is an ω-marking, and that, for all transitions $t = (I, O)$, $I$ and $O$
are both ω-markings. We denote by $\mathbf{0}$ the marking s.t.
$\mathbf{0}(p) = 0$ for all $p \in P$. For all ω-markings $m$, we let
$\omega(m)$ be the set of places $\{p \mid m(p) = \omega\}$, and let
$\mathit{nb}\omega(m) = |\omega(m)|$. We define the concretisation of $m$ as the
set of all markings that coincide with $m$ on all places $p \notin \omega(m)$,
and take an arbitrary value in any place from $\omega(m)$. Formally:
$\gamma(m) = \{m' \mid \forall p \notin \omega(m) : m'(p) = m(p)\}$. We further
define a family of orderings on ω-markings as follows. For any $P' \subseteq P$,
we let $m_1 \preceq_{P'} m_2$ iff (i) for all $p \in P'$: $m_1(p) \le m_2(p)$,
and (ii) for all $p \in P \setminus P'$: $m_1(p) = m_2(p)$. We abbreviate
$\preceq_P$ by $\preceq$ (where $P$ is the set of places of the ωPN). It is
well-known that $\preceq$ is a well-quasi ordering (wqo), that is, we can
extract, from any infinite sequence $m_1, m_2, \ldots, m_i, \ldots$ of markings,
an infinite subsequence
$\overline{m}_1, \overline{m}_2, \ldots, \overline{m}_i, \ldots$ s.t.
$\overline{m}_i \preceq \overline{m}_{i+1}$ for all $i \ge 1$. For all
ω-markings $m$, we let $\downarrow(m)$ be the downward-closure of $m$, defined
as $\downarrow(m) = \{m' \mid m' \text{ is a marking and } m' \preceq m\}$. We
extend $\downarrow$ to sets of ω-markings:
$\downarrow(S) = \bigcup_{m \in S} \downarrow(m)$. A set $D$ of markings is
downward-closed iff $\downarrow(D) = D$. It is well-known that (possibly
infinite) downward-closed sets of markings can always be represented by a finite
set of ω-markings, because the set of ω-markings forms an adequate domain of
limits [13]: for all downward-closed sets $D$ of markings, there exists a finite
set $M$ of ω-markings s.t. $\downarrow(M) = D$. We associate, to each ωPN, an
initial marking $m_0$. From now on, we consider mostly initialised ωPN
$\langle P, T, m_0 \rangle$.

Figure 2: An example ωPN $\mathcal{N}_1$. The ωPN $\mathcal{N}_1'$ is obtained
by removing transition $t_4$ (red).

Example 1 An example of an ωPN (actually an ωOPN)
$\mathcal{N}_1 = \langle P, T, m_0 \rangle$ is shown in Fig. 2. In this example,
$P = \{p_1, p_2, p_3\}$, $T = \{t_1, t_2, t_3, t_4\}$, $m_0(p_1) = 1$ and
$m_0(p_2) = m_0(p_3) = 0$. $t_1$ is the only ω-transition, with
$O(t_1)(p_2) = \omega$. This ωPN will serve as a running example throughout the
section.

Semantics. Let $m$ be an ω-marking. A transition $t = (I, O)$ is firable from
$m$ iff: $m(p) \ge I(p)$ for all $p$ s.t. $I(p) \neq \omega$. We consider two
kinds of possible effects for $t$. The first is the concrete semantics and
applies only when $m$ is a marking. In this case, firing $t$ yields a new
marking $m'$ s.t. for all $p \in P$: $m'(p) = m(p) - i + o$ where:
$i = I(t)(p)$ if $I(t)(p) \neq \omega$, $i \in \{0, \ldots, m(p)\}$ if
$I(t)(p) = \omega$, $o = O(t)(p)$ if $O(t)(p) \neq \omega$ and $o \ge 0$ if
$O(t)(p) = \omega$. This is denoted by $m \xrightarrow{t} m'$. Thus,
intuitively, $I(t)(p) = \omega$ (resp. $O(t)(p) = \omega$) means that $t$
consumes (produces) an arbitrary number of tokens in $p$ when fired. Remark
that, in the concrete semantics, ω-transitions are non-deterministic: when $t$
is an ω-transition that is firable in $m$, there are infinitely many $m'$ s.t.
$m \xrightarrow{t} m'$. The latter semantics is the ω-semantics. In this case,
firing $t = (I, O)$ yields the (unique) ω-marking $m' = m - I + O$ (denoted
$m \xrightarrow{t}_\omega m'$). Remark that $m \xrightarrow{t} m'$ iff
$m \xrightarrow{t}_\omega m'$ when $m$ and $m'$ are markings.

We extend the $\xrightarrow{t}$ and $\xrightarrow{t}_\omega$ relations to finite
or infinite sequences of transitions in the usual way. Also we write
$m \xrightarrow{\sigma}$ iff $\sigma$ is firable from $m$. More precisely, for a
finite sequence of transitions $\sigma = t_1 \cdots t_n$, we write
$m_0 \xrightarrow{\sigma}$ iff there are $m_1, \ldots, m_n$ s.t. for all
$1 \le i \le n$: $m_{i-1} \xrightarrow{t_i} m_i$. For an infinite sequence of
transitions $\sigma = t_1 \cdots t_j \cdots$, we write
$m_0 \xrightarrow{\sigma}$ iff there are $m_1, \ldots, m_j, \ldots$ s.t. for all
$i \ge 1$: $m_{i-1} \xrightarrow{t_i} m_i$.

Given an ωPN $\mathcal{N} = \langle P, T, m_0 \rangle$, an execution of
$\mathcal{N}$ is either a finite sequence of the form
$m_0, t_1, m_1, t_2, \ldots, t_n, m_n$ s.t.
$m_0 \xrightarrow{t_1} m_1 \xrightarrow{t_2} \cdots \xrightarrow{t_n} m_n$, or
an infinite sequence of the form $m_0, t_1, m_1, t_2, \ldots, t_j, m_j, \ldots$
s.t. for all $j \ge 1$: $m_{j-1} \xrightarrow{t_j} m_j$. We denote by
$\mathit{Reach}(\mathcal{N})$ the set of markings
$\{m \mid \exists \sigma \text{ s.t. } m_0 \xrightarrow{\sigma} m\}$ that are
reachable from $m_0$ in $\mathcal{N}$. Finally, a finite set of ω-markings
$CS$ is a coverability set of $\mathcal{N}$ (with initial marking $m_0$) iff
$\downarrow(CS) = \downarrow(\mathit{Reach}(\mathcal{N}))$. That is, any
coverability set $CS$ is a finite representation of the downward-closure of
$\mathcal{N}$'s reachable markings.

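Example 2 The sequence $t_1 t_2^K$ is firable for all $K \ge 0$ in
$\mathcal{N}_1$ (Fig. 2). Indeed, for each $K \ge 0$, one possible execution
corresponding to $t_1 t_2^K$ is given by
$\langle 1,0,0 \rangle \xrightarrow{t_1} \langle 0,3K,0 \rangle \xrightarrow{t_2} \langle 0,3K-1,2 \rangle \xrightarrow{t_2} \langle 0,3K-2,4 \rangle \cdots \xrightarrow{t_2} \langle 0,2K,2K \rangle$.
Remark that there are other possible executions corresponding to the same
sequence of transitions, because the number of tokens created by $t_1$ in $p_2$
is chosen non-deterministically. Also, $t_1 t_2 t_4^\omega$ is an infinite
firable sequence of transitions. Finally, observe that the set of reachable
markings in $\mathcal{N}_1$ is
$\mathit{Reach}(\mathcal{N}_1) = \{\langle 1,0,0 \rangle\} \cup \{\langle 0,i,2 \times j \rangle \mid i,j \in \mathbb{N}\}$.
The set of ω-markings
$CS = \{\langle 1,0,0 \rangle, \langle 0,\omega,\omega \rangle\}$ is a
coverability set of $\mathcal{N}_1$. Note that
$\downarrow(CS) \supsetneq \mathit{Reach}(\mathcal{N}_1)$: for instance,
$\langle 0,1,1 \rangle \in \downarrow(CS)$, but $\langle 0,1,1 \rangle$ is not
reachable.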

Let us now observe two properties of the semantics of ωPN, that will be useful
for the proofs of Section 3. The first says that, when firing a sequence of
transitions $\sigma$ that have non ω-labeled arcs on to and from some place $p$,
the effect of $\sigma$ on $p$ is as in a plain PN:

Lemma 1 Let $m$ and $m'$ be two markings and let $\sigma = t_1 \cdots t_n$ be a
sequence of transitions of an ωPN s.t. $m \xrightarrow{\sigma} m'$. Let $p$ be a
place s.t. for all $1 \le i \le n$: $O(t_i)(p) \neq \omega \neq I(t_i)(p)$.
Then, $m'(p) = m(p) + \mathit{effect}(\sigma)(p)$.

The latter property says that the set of markings that are reachable by a given
sequence of transitions $\sigma$ is upward-closed w.r.t. $\preceq_{P'}$, where
$P'$ is the set of places where the effect of $\sigma$ is $\omega$.

Lemma 2 Let $m_1$, $m_2$ and $m_3$ be three markings, and let $\sigma$ be a
sequence of transitions s.t. (i) $m_1 \xrightarrow{\sigma} m_2$, (ii)
$m_3 \succeq_{P'} m_2$ with $P' = \{p \mid \mathit{effect}(\sigma)(p) = \omega\}$.
Then, $m_1 \xrightarrow{\sigma} m_3$ holds too.

Problems. We consider the following problems. Let
$\mathcal{N} = \langle P, T, m_0 \rangle$ be an ωPN:

1. The reachability problem asks, given a marking $m$, whether
$m \in \mathit{Reach}(\mathcal{N})$.

2. The place boundedness problem asks, given a place $p$ of $\mathcal{N}$,
whether there exists $K \in \mathbb{N}$ s.t. for all
$m \in \mathit{Reach}(\mathcal{N})$: $m(p) \le K$. If the answer is positive, we
say that $p$ is bounded (from $m_0$).

3. The boundedness problem asks whether all places of $\mathcal{N}$ are bounded
(from $m_0$).

4. The covering problem asks, given a marking $m$ of $\mathcal{N}$, whether
there exists $m' \in \mathit{Reach}(\mathcal{N})$ s.t. $m' \succeq m$.

5. The termination problem asks whether all executions of $\mathcal{N}$ are
finite.

Remark that a coverability set of the ωPN is sufficient to solve boundedness,
place boundedness and covering, as in the case of Petri nets. If $CS$ is a
coverability set of $\mathcal{N}$, then: (i) $p$ is bounded iff
$m(p) \neq \omega$ for all $m \in CS$; (ii) $\mathcal{N}$ is bounded iff
$m(p) \neq \omega$ for all $p$ and for all $m \in CS$; and (iii) $\mathcal{N}$
can cover $m$ iff there exists $m' \in CS$ s.t. $m \preceq m'$. As in the plain
Petri nets case, a sufficient and necessary condition of non-termination is the
existence of a self-covering execution. A self-covering execution of an ωPN
$\mathcal{N} = \langle P, T, m_0 \rangle$ is a finite execution of the form
$m_0 \xrightarrow{t_1} m_1 \cdots m_k \xrightarrow{t_{k+1}} \cdots m_n$ with
$m_n \succeq m_k$:

Lemma 3 An ωPN terminates iff it admits no self-covering execution.

Example 3 Consider again the ωPN $\mathcal{N}_1$ in Fig. 2. Recall from
Example 2 that, for all $K \ge 0$, $t_1 t_2^K$ is firable and allows to reach
$\langle 0, 2K, 2K \rangle$. All these markings are thus reachable. These
sequences of transitions also show that $p_2$ and $p_3$ are unbounded (hence,
$\mathcal{N}_1$ is unbounded too), while $p_1$ is bounded. Marking
$\langle 0,1,1 \rangle$ is not reachable but coverable, while
$\langle 2,0,0 \rangle$ is neither reachable nor coverable. Finally,
$\mathcal{N}_1$ does not terminate (because $t_1 t_2 t_4^\omega$ is firable),
while $\mathcal{N}_1'$ does. In particular, in $\mathcal{N}_1'$, $t_3$ can fire
only a finite number of times, because $t_1$ will always create a finite (albeit
unbounded) number of tokens in $p_2$. This is an important difference between
ωPN and plain PN: no unbounded PN terminates, while there are unbounded ωPN that
terminate, e.g. $\mathcal{N}_1'$.

3 A Karp and Miller procedure for ωPN

In this section, we present an extension of the classical Karp & Miller
procedure [15], adapted to ωPN. We show that the finite tree built by this
algorithm (coined the KM tree), allows, as in the case of PNs, to decide
boundedness, place boundedness, coverability and termination on ωPN.

Before describing the algorithm, we discuss intuitively the KM trees of the ωPN
$\mathcal{N}_1$ and $\mathcal{N}_1'$ given in Fig. 2. Their respective KM trees
(for the initial marking $m_0 = \langle 1,0,0 \rangle$) are $\mathcal{T}_1$ and
$\mathcal{T}_1'$, respectively the tree in Fig. 3 and its black subtree (i.e.,
excluding $n_7$). As can be observed, the nodes and edges of a KM tree are
labeled by ω-markings and transitions respectively. The relationship between a
KM tree and the executions of the corresponding ωPN can be formalised using the
notion of stuttering path. Intuitively, a stuttering path is a sequence of nodes
$n_1, n_2, \ldots, n_k$ s.t. for all $i \ge 2$: either $n_i$ is a son of
$n_{i-1}$, or $n_i$ is an ancestor of $n_{i-1}$ that has the same label as
$n_{i-1}$. For instance,
$\pi = n_1, n_2, n_4, n_2, n_3, n_6, n_3, n_5, n_3, n_5$ is a stuttering path in
$\mathcal{T}_1$. Then, we claim (i) that every execution of the ωPN is simulated
by a stuttering path in its KM tree, and that (ii) every stuttering path in the
KM tree corresponds to a family of executions of the ωPN, where an arbitrary
number of tokens can be produced in the places marked by $\omega$ in the KM
tree. For instance, the execution
$m_0, t_1, \langle 0,42,0 \rangle, t_3, \langle 0,41,0 \rangle, t_2, \langle 0,40,2 \rangle, t_3, \langle 0,39,2 \rangle, t_2, \langle 0,38,4 \rangle, t_2, \langle 0,37,6 \rangle$
of $\mathcal{N}_1$ is witnessed in $\mathcal{T}_1$ by the stuttering path $\pi$
given above - observe that the sequence of edge labels in $\pi$ equals the
sequence of transitions of the execution, and that all markings along the
execution are covered by the labels of the corresponding nodes in $\pi$:
$m_0 \in \gamma(n_1)$, $\langle 0,42,0 \rangle \in \gamma(n_2)$, and so forth.
On the other hand, the stuttering path $n_1, n_2, n_3$ of $\mathcal{N}_1$
summarises all the (infinitely many) possible executions obtained by firing a
sequence of the form $t_1 t_2^*$. Indeed, for all $k \ge 1$, $\ell \ge 0$:
$m_0, t_1, \langle 0,k+\ell,0 \rangle, t_2, \langle 0,k+\ell-1,2 \rangle, t_2, \cdots, t_2, \langle 0,k,2 \times \ell \rangle$
is an execution of $\mathcal{N}_1$, so, an arbitrary number of tokens can be
obtained in both $p_2$ and $p_3$ by firing sequences of the form $t_1 t_2^*$.
Finally, observe that a self-covering execution of $\mathcal{N}_1$, such as
$m_0, t_1, \langle 0,1,0 \rangle, t_2, \langle 0,0,2 \rangle, t_4, \langle 0,0,2 \rangle$
can be detected in $\mathcal{T}_1$, by considering the path
$n_1, n_2, n_3, n_7$, and noting that the label of $(n_3, n_7)$ is $t_4$ with
$\mathit{effect}(t_4) \succeq \mathbf{0}$.

Figure 3: The KM trees $\mathcal{T}_1$ (whole tree) and $\mathcal{T}_1'$ (black
subtree) of resp. $\mathcal{N}_1$ and $\mathcal{N}_1'$.

The Build-KM algorithm. Let us now show how to build algorithmically the KM of
an ωPN. Recall that, in the case of plain PNs, the Karp & Miller tree [15] can
be regarded as a finite over-approximation of the (potentially infinite)
reachability tree of the PN. Thus, the Karp & Miller algorithm works by
unfolding the transition relation of the PN, and adds two ingredients to
guarantee that the tree is finite. First, a node $n$ that has an ancestor $n'$
with the same label is not developed (it has no children). Second, when a node
$n$ with label $m$ has an ancestor $n'$ with label $m' \prec m$, an acceleration
function is applied to produce a marking $m_\omega$ s.t.
$m_\omega(p) = \omega$ if $m(p) > m'(p)$ and $m_\omega(p) = m(p)$ otherwise.
This acceleration is sound w.r.t. coverability since the sequence of transitions
that has produced the branch $(n, n')$ can be iterated an arbitrary number of
times, thus producing arbitrarily large numbers of tokens in the places marked
by $\omega$ in $m_\omega$. Remark that these two constructions are not
sufficient to ensure termination of the algorithm in the case of ωPN, as ωPN are
not finitely branching (firing an ω-output-transition can produce infinitely
many different successors). To cope with this difficulty, our solution unfolds
the ω-semantics $\rightarrow_\omega$ instead of the concrete semantics
$\rightarrow$. This has an important consequence: whereas the presence of a node
labeled by $m$ with $m(p) = \omega$ in the KM tree of a PN $\mathcal{N}$ implies
that $\mathcal{N}$ does not terminate, this is not true anymore in the case of
ωPN. For instance, all nodes but $n_1$ in $\mathcal{T}_1'$ (Fig. 3) are marked
by $\omega$, yet the corresponding ωPN $\mathcal{N}_1'$ (Fig. 2) does terminate.

Our version of the Karp & Miller tree adapted to ωPN is given in Fig. 4. It
builds a tree $\mathcal{T} = \langle N, E, \lambda, \mu, n_0 \rangle$ where:
$N$ is a set of nodes; $E \subseteq N \times N$ is a set of edges;
$\lambda : N \to (\mathbb{N} \cup \{\omega\})^P$ is a function that labels nodes
by ω-markings²; $\mu : E \to T$ is a labeling function that labels arcs by
transitions; and $n_0 \in N$ is the root of the tree. For each edge $e$, we let
$\mathit{effect}(e) = \mathit{effect}(\mu(e))$. Let $E^+$ and $E^*$ be
respectively the transitive and the transitive reflexive closure of $E$. A
stuttering path is a finite sequence $n_0, n_1, \ldots, n_\ell$ s.t. for all
$1 \le i \le \ell$: either $(n_{i-1}, n_i) \in E$ or $(n_i, n_{i-1}) \in E^+$
and $\lambda(n_i) = \lambda(n_{i-1})$. A stuttering path
$n_0, n_1, \ldots, n_\ell$ is a (plain) path iff $(n_{i-1}, n_i) \in E$ for all
$1 \le i \le \ell$. Given two nodes $n$ and $n'$ s.t. $(n, n') \in E^*$, we
denote by $n \leadsto n'$ the (unique) path from $n$ to $n'$. Given a stuttering
path $\pi = n_0, n_1, \ldots, n_\ell$, we denote by $\mu(\pi)$ the sequence
$\mu(n_0, n_1)\mu(n_1, n_2) \cdots \mu(n_{\ell-1}, n_\ell)$ assuming
$\mu(n_i, n_{i+1}) = \varepsilon$ when $(n_i, n_{i+1}) \notin E$; and by
$\mathit{effect}(\pi) = \sum_{i=1}^{\ell} \mathit{effect}(n_{i-1}, n_i)$,
letting $\mathit{effect}(n_{i-1}, n_i) = \mathbf{0}$ when
$(n_i, n_{i+1}) \notin E$.

Build-KM follows the intuition given above. At all times, it maintains a
frontier $U$ of tree nodes that are candidates for development (initially,
$U = \{n_0\}$, with $\lambda(n_0) = m_0$). Then, Build-KM iteratively picks up a
node $n$ from $U$ (see line 4), and develops it (line 6 onwards) if $n$ has no
ancestor $n'$ with the same label (line 5). Developing a node $n$ amounts to
computing all the markings $m$ s.t. $\lambda(n) \rightarrow_\omega m$ (line 17),
performing accelerations (line 19) if need be, and inserting the resulting
children in the tree. Remark that Build-KM is recursive (see line 9): every time
a marking $m$ with an extra $\omega$ is created, it performs a recursive call to
Build-KM($\mathcal{N}$, $m$), using $m$ as initial marking³.

The rest of the section is devoted to proving that this algorithm is correct. We
start by establishing termination, then soundness (every stuttering path in the
tree corresponds to an execution of the ωOPN) and finally completeness (every
execution of the ωOPN corresponds to a stuttering path in the tree). To this
end, we rely on the following notions. Symmetrically to self-covering executions
we define the notion of self-covering (stuttering) path in a tree: a
(stuttering) path $\pi$ is self-covering iff $\pi = \pi_1 \pi_2$ with
$\mathit{effect}(\pi_2) \succeq \mathbf{0}$. A self-covering stuttering path
$\pi = \pi_1 \pi_2$ is ω-maximal iff for all nodes $n$, $n'$ along $\pi_2$:
$\mathit{nb}\omega(n) = \mathit{nb}\omega(n')$.

² We extend $\lambda$ to sets of nodes $S$ in the usual way:
$\lambda(S) = \{\lambda(n) \mid n \in S\}$.

³ Although this differs from classical presentations of the Karp & Miller
technique, we have retained it because it simplifies the proofs of correctness.

Input:  an ωOPN N = ⟨P, T⟩ and an ω-marking m0
Output: the KM of N, starting from m0

Build-KM(N, m0):
 1   T := ⟨N, E, λ, μ, n0⟩ where N = {n0} with λ(n0) = m0
 2   U := {n0}
 3   while U ≠ ∅:
 4     select and remove n from U
 5     if ∄ n̄ s.t. (n̄, n) ∈ E⁺ and λ(n̄) = λ(n):
 6       forall t in T s.t. ∀p ∈ P : I(t)(p) ≠ ω implies λ(n)(p) ≥ I(t)(p):
 7         m' := Post(N, λ(n), t)
 8         if nbω(m') > nbω(λ(n)):
 9           T' := Build-KM(N, m')
10           add all edges and nodes of T' to T
11           let n' be the root of T'
12         else
13           n' := new node with λ(n') = m'
14           U := U ∪ {n'}
15         E := E ∪ (n, n') s.t. μ(n, n') = t
16   return T

Post(N, n, t):
17   m' := λ(n) − I(t) + O(t)
18   if ∃ n̄ : (n̄, n) ∈ E⁺ ∧ λ(n̄) ≺ λ(n):
19     m_ω(p) := m'(p)  if effect(n̄ ⇝ n · t)(p) ≤ 0
                 ω      otherwise
20     return m_ω
21   else:
22     return m'

Figure 4: The algorithm to build the KM of an ωPN.

Termination. Let us show that Build-KM always terminates. First observe that the
depth of recursive calls is at most $|P| + 1$, as the number of places marked by
$\omega$ along a branch does not decrease, and since we perform a recursive call
only when a place gets marked by $\omega$ and was not before. Moreover, the
branching degree of the tree is bounded by the number $|T|$ of transitions.
Thus, by König's lemma, an infinite tree would contain an infinite branch. We
rule out this possibility by a classical wqo argument: if there were an infinite
branch in the tree computed by Build-KM($\mathcal{N}$, $m_0$), then there would
be two nodes $n_1$ and $n_2$ along the branch (where $n_1$ is an ancestor of
$n_2$) s.t. $\lambda(n_1) \preceq \lambda(n_2)$ and
$\mathit{effect}(n_1 \leadsto n_2) \succeq \mathbf{0}$. Since the depth of
recursive calls is bounded, we can assume, wlog, that $n_1$ and $n_2$ have been
built during the same recursive call, hence $\lambda(n_1) \prec \lambda(n_2)$ is
not possible, because this would trigger an acceleration, create an extra
$\omega$ and start a new recursive call. Thus, $\lambda(n_1) = \lambda(n_2)$,
but in this case the algorithm stops developing the branch (line 5). See the
appendix for a full proof.

Proposition 1 For all ωPN $\mathcal{N}$ and for all markings $m_0$,
Build-KM($\mathcal{N}$, $m_0$) terminates.

Then, following the intuition that we have sketched at the beginning of the
section, we show that KM is sound (Lemma 4) and complete (Lemma 6). Note that we
first establish these results assuming that the ωPN $\mathcal{N}$ given as
parameter is an ωOPN, then prove that the results extend to the general case of
ωPN.

Soundness. To establish soundness of our algorithm, we show that, for every path
$n_0, \ldots, n_k$ in the tree returned by Build-KM($\mathcal{N}$, $m_0$), and
for every target marking $m \in \gamma(\lambda(n_k))$, we can find an execution
of $\mathcal{N}$ reaching a marking $m' \in \gamma(n_k)$ that covers $m$. This
implies that, if $\lambda(n_k)(p) = \omega$ for some $p$, then, we can find a
family of executions that reach a marking in $\gamma(n_k)$ with an arbitrary
number of tokens in $p$. For instance, consider the path $n_1, n_2, n_3$ in
$\mathcal{T}_1'$ (Fig. 3), and let $m = \langle 0,2,4 \rangle$. Then, a
corresponding execution is
$\langle 1,0,0 \rangle \xrightarrow{t_1} \langle 0,4,0 \rangle \xrightarrow{t_2} \langle 0,3,2 \rangle \xrightarrow{t_2} \langle 0,2,4 \rangle$.
Remark that the execution is not necessarily the sequence of transitions
labeling the path in the tree: in this case, we need to iterate $t_2$ to
transfer tokens from $p_2$ to $p_3$, which is summarised in one edge
$(n_2, n_3)$ in $\mathcal{T}_1$, by the acceleration.

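Lemma 4 Let $\mathcal{N}$ be an ωOPN, let $m_0$ be an ω-marking and let
$\mathcal{T}$ be the tree returned by Build-KM($\mathcal{N}$, $m_0$). Let
$\pi = n_0, \ldots, n_k$ be a stuttering path in $\mathcal{T}$, and let $m$ be a
marking in $\gamma(\lambda(n_k))$. Then, there exists an execution
$m_0 \xrightarrow{t_1} m_1 \cdots \xrightarrow{t_\ell} m_\ell$ of $\mathcal{N}$
s.t. $m_\ell \in \gamma(\lambda(n_k))$, $m_\ell \succeq m$ and
$m_0 \in \gamma(\lambda(n_0))$. Moreover, when for all $0 \le i \le j \le k$:
$\mathit{nb}\omega(n_i) = \mathit{nb}\omega(n_j)$, we have:
$t_1 \cdots t_\ell = \mu(\pi)$.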

Completeness. Proving completeness amounts to showing that every execution
(starting from $m_0$) of an ωPN $\mathcal{N}$ is witnessed by a stuttering path
in Build-KM($\mathcal{N}$, $m_0$). It relies on the following property:

Lemma 5 Let $\mathcal{N}$ be an ωOPN, let $m_0$ be an ω-marking, and let
$\mathcal{T}$ be the tree returned by Build-KM($\mathcal{N}$, $m_0$). Then, for
all nodes $n$ of Build-KM($\mathcal{N}$, $m_0$):

• either $n$ has no successor in the tree and has an ancestor $\overline{n}$
s.t. $\lambda(\overline{n}) = \lambda(n)$,

• or the set of successors of $n$ corresponds to all the $\rightarrow_\omega$
possible successors of $\lambda(n)$, i.e.:
$\{\mu(n, n') \mid (n, n') \in E\} = \{t \mid \lambda(n) \xrightarrow{t}_\omega\}$.
Moreover, for each $n'$ s.t. $(n, n') \in E$ and $\mu(n, n') = t$:
$\lambda(n') \succeq \lambda(n) + \mathit{effect}(t)$.

We can now state the completeness property: 

Lemma 6 Let $\mathcal{N}$ be an ωOPN with set of transitions $T$, let $m_0$ be
an initial marking and let
$m_0 \xrightarrow{t_1} m_1 \cdots \xrightarrow{t_n} m_n$ be an execution of
$\mathcal{N}$. Then, there are a stuttering path $\pi = n_0, n_1, \ldots, n_k$
in Build-KM($\mathcal{N}$, $m_0$) and a monotonic increasing mapping
$h : \{1, \ldots, n\} \to \{0, \ldots, k\}$ s.t.:
$\mu(\pi) = t_1 t_2 \cdots t_n$ and $m_i \preceq \lambda(n_{h(i)})$ for all
$0 \le i \le n$.

From ωOPN to ωPN. We have shown completeness and soundness of the Build-KM
algorithm for ωOPN. Let us show that each ωPN $\mathcal{N}$ can be turned into
an ωOPN $\mathit{remI}\omega(\mathcal{N})$ that (i) terminates iff $\mathcal{N}$
terminates and (ii) that has the same coverability sets as $\mathcal{N}$. The
ωOPN $\mathit{remI}\omega(\mathcal{N})$ is obtained from $\mathcal{N}$ by
replacing each transition $t \in T$ by a transition $t' \in T'$ s.t.
$O(t') = O(t)$ and
$I(t') = \{I(t)(p) \otimes p \mid I(t)(p) \neq \omega\}$. Intuitively, $t'$ is
obtained from $t$ by deleting all $\omega$ input arcs. Since $t'$ always
consumes fewer tokens than $t$ does, the following is easy to establish:

Lemma 7 Let $\mathcal{N}$ be an ωPN. For all executions
$m_0, t'_1, m_1, \ldots, t'_n, m_n$ of $\mathit{remI}\omega(\mathcal{N})$:
$m_0, t_1, m_1, \ldots, t_n, m_n$ is an execution of $\mathcal{N}$. For all
finite (resp. infinite) executions $m_0, t_1, m_1, \ldots, t_n, m_n$
($m_0, t_1, m_1, \ldots, t_j, m_j, \ldots$) of $\mathcal{N}$, there exists an
execution $m_0, t'_1, m'_1, \ldots, t'_n, m'_n$
($m_0, t'_1, m'_1, \ldots, t'_j, m'_j, \ldots$) of
$\mathit{remI}\omega(\mathcal{N})$, s.t. $m_i \preceq m'_i$ for all $i$.

Intuitively, this means that, when solving coverability, (place) boundedness or termination on an ωPN $\mathcal{N}$, we can analyse remIω($\mathcal{N}$) instead, because $\mathcal{N}$ terminates iff remIω($\mathcal{N}$) terminates, and removing the ω-labeled input arcs from $\mathcal{N}$ does not allow to reach higher markings. Finally, we observe that, for all ωPN $\mathcal{N}$, and all initial markings $m_0$: the trees returned by Build-KM($\mathcal{N}$, $m_0$) and Build-KM(remIω($\mathcal{N}$), $m_0$) respectively are isomorphic⁴. This is because we have defined $c - \omega$ to be equal to $c$: applying this rule when computing the effect of a transition $t$ (line 17), is equivalent to computing the effect of the corresponding $t'$ in remIω($\mathcal{N}$), i.e. letting $I(t')(p) = 0$ for all $p$ s.t. $I(t)(p) = \omega$. Thus, we can lift Lemma 4 and Lemma 6 to ωPN. This establishes correctness of the algorithm for the general ωPN case.

Applications of the Karp & Miller tree These results allow us to conclude that the Karp & Miller tree can be used to compute a coverability set and to decide termination of any ωPN.

Theorem 1 Let $\mathcal{N}$ be an ωPN with initial marking $m_0$, and let $\mathcal{T}$ be the tree returned by $(N, E, \lambda, \mu, n_0) =$ Build-KM($\mathcal{N}$, $m_0$). Then: (i) $\lambda(N)$ is a coverability set of $\mathcal{N}$ and (ii) $\mathcal{N}$ terminates iff $\mathcal{T}$ contains an ω-maximal self-covering stuttering path.

Proof. Point (i) follows from Lemma 4 (lifted to ωPN). Let us now prove both directions of point (ii).

First, we show that if Build-KM($\mathcal{N}$, $m_0$) contains an ω-maximal self-covering stuttering path, then $\mathcal{N}$ admits a self-covering execution from $m_0$. Let $n_0, \ldots, n_k, n_{k+1}, \ldots, n_\ell$ be an ω-maximal self-covering stuttering path, and assume $\mathit{effect}(n_{k+1}, \ldots, n_\ell) \succeq 0$. Let us apply Lemma 4 (lifted to ωPN), by letting $m =$ and $\pi = \pi_2$, and let $m_1$ and $m_2$ be markings s.t. $m_1 \xrightarrow{\mu(\pi_2)} m_2$. The existence of $m_1$ and $m_2$ is guaranteed by Lemma 4 (lifted to ωPN), because all the nodes along $\pi_2$ have the same number of ω's as we are considering an ω-maximal self-covering stuttering path. Since $\mathit{effect}(\pi_2)$ is positive, so is $\mathit{effect}(\mu(\pi_2))$. Thus, there exists⁵ $m'_2$ s.t. $m_1 \xrightarrow{\mu(\pi_2)} m'_2$ and $m'_2 \succeq m_1$. By invoking Lemma 4 (lifted to ωPN) again, letting $\pi = \pi_1$ and $m = m_1$, we conclude to the existence of a sequence of transitions $\sigma$, a marking $m_0$ and a marking $m'_1 \succeq m_1$ s.t. $m_0 \xrightarrow{\sigma} m'_1$. Since $m'_1 \succeq m_1$, $\mu(\pi_2)$ is again firable from $m'_1$. Let $m''_2 = m'_2 + m'_1 - m_1$. Clearly, $m'_1 \xrightarrow{\mu(\pi_2)} m''_2$, with $m''_2 \succeq m'_1$.

Hence, $m_0 \xrightarrow{\sigma} m'_1 \xrightarrow{\mu(\pi_2)} m''_2$ is a self-covering execution of $\mathcal{N}$.

⁴ That is, if Build-KM($\mathcal{N}$, $m_0$) returns $(N, E, \lambda, \mu, n_0)$ and Build-KM(remIω($\mathcal{N}$), $m_0$) returns $(N', E', \lambda', \mu', n'_0)$, then, there is a bijection $h : N \mapsto N'$ s.t. (i) $h(n_0) = n'_0$, (ii) for all $n \in N$: $\lambda(n) = \lambda'(h(n))$, (iii) for all $n_1, n_2$ in $N$: $(n_1, n_2) \in E$ iff $(h(n_1), h(n_2)) \in E'$, (iv) for all $(n_1, n_2) \in E$: $\mu(n_1, n_2) = \mu'(h(n_1), h(n_2))$.

⁵ Remark that, although $\mathit{effect}(\mu(\pi_2)) \succeq 0$, we have no guarantee that $m_2 \succeq m_1$, as we could have $\mathit{effect}(\mu(\pi_2)) = \omega$ for some $p$, and maybe the amount of tokens that has been produced in $p$ by $\mu(\pi_2)$ to yield $m_2$ does not allow to have $m_2(p) \ge m_1(p)$. However, in this case, it is always possible to reach a marking with enough tokens in $p$ to cover $m_1(p)$, since $\mathit{effect}(\mu(\pi_2)) = \omega$.

Second, let us show that, if $\mathcal{N}$ admits a self-covering execution from $m_0$, then Build-KM($\mathcal{N}$, $m_0$) contains an ω-maximal self-covering stuttering path. Let $\rho = m_0 \xrightarrow{t_1} m_1 \cdots \xrightarrow{t_n} m_n$ be a self-covering execution and assume $0 \le k < n$ is a position s.t. $m_k \preceq m_n$. Let $\sigma_1$ denote $t_1 \ldots t_k$ and $\sigma_2$ denote $t_{k+1} \cdots t_n$. Let us consider the execution $\rho'$, defined as follows

$$\rho' = m_0 \xrightarrow{\sigma_1} m_k \underbrace{\xrightarrow{t_{k+1}} m_{k+1} \cdots \xrightarrow{t_n} m_n}_{\sigma_2} \underbrace{\xrightarrow{t_{k+1}} m_{n+1} \cdots \xrightarrow{t_n} m_{2n-k}}_{\sigma_2} \cdots \underbrace{\xrightarrow{t_{k+1}} m_{(|P|+1)n-|P|k+1} \cdots \xrightarrow{t_n} m_{(|P|+2)n-(|P|+1)k}}_{\sigma_2}$$

where for all $n+1 \le j \le (|P|+2)n - (|P|+1)k$: $m_j - m_{j-1} = m_{f(j)} - m_{f(j-1)}$ with $f$ the function defined as $f(x) = ((x - k) \bmod (n - k)) + k$ for all $x$. Intuitively, $\rho'$ amounts to firing $\sigma_1(\sigma_2)^{|P|+1}$ (where $P$ is the set of places of $\mathcal{N}$) from $m_0$, by using, each time we fire $\sigma_2$, the same effect as the one that was used to obtain $\rho$ (remember that the effect of $\sigma_2$ is non-deterministic when ω's are produced). It is easy to check that $\rho'$ is indeed an execution of $\mathcal{N}$, because $\rho$ is a self-covering execution.

Let $n_0, n_1, \ldots, n_\ell$ and $h$ be the stuttering path in Build-KM($\mathcal{N}$, $m_0$) and the mapping corresponding to $\rho'$ (and whose existence is established by Lemma 6). Since $m_k \preceq m_n$, $\mathit{effect}(t_{k+1} \cdots t_n) \succeq 0$ and by Lemma 6 (lifted to ωPN), all the following stuttering paths are self-covering:

$n_0, \ldots, n_{h(k)}, \ldots, n_{h(n)}$

$n_0, \ldots, n_{h(k)}, \ldots, n_{h(n)}, \ldots, n_{h(2n-k)}$

$n_0, \ldots, n_{h(k)}, \ldots, n_{h(n)}, \ldots, n_{h(2n-k)}, \ldots, n_{h(3n-2k)}$

$n_0, \ldots, n_{h(k)}, \ldots, n_{h(n)}, \ldots, n_{h(2n-k)}, \ldots, n_{h(3n-2k)}, \ldots, n_{h((|P|+2)n-(|P|+1)k)}$

Let us show that one of them is ω-maximal, i.e. that there is $1 \le j \le |P| + 1$ s.t. $\mathrm{nb}\omega(n_{h(jn-(j-1)k)}) = \mathrm{nb}\omega(n_{h((j+1)n-jk)})$. Assume it is not the case. Since the number of ω's can only increase along a stuttering path, this means that

$$0 \le \mathrm{nb}\omega(n_{h(n)}) < \mathrm{nb}\omega(n_{h(2n-k)}) < \mathrm{nb}\omega(n_{h(3n-2k)}) < \cdots < \mathrm{nb}\omega(n_{h((|P|+2)n-(|P|+1)k)})$$

However, this implies that $\mathrm{nb}\omega(n_{h((|P|+2)n-(|P|+1)k)}) > |P|$, which is not possible as $P$ is the set of places of $\mathcal{N}$. Hence, we conclude that there exists an ω-maximal self-covering stuttering path in Build-KM($\mathcal{N}$, $m_0$). □

Figure 5: Transforming an ωPN into a plain PN.



4 From ωPN to plain PN

Let us show that we can, from any ωPN $\mathcal{N}$, build a plain PN $\mathcal{N}'$ whose set of reachable markings allows to recover the reachability set of $\mathcal{N}$. This construction allows to solve reachability, coverability and (place) boundedness. The idea of the construction is depicted in Fig. 5. More precisely, we turn the ωPN $\mathcal{N} = (P, T, m_0)$ into a plain PN $\mathcal{N}' = (P', T', m'_0)$ using the following procedure. Assume that $T = T_{plain} \uplus T_\omega$, where $T_\omega$ is the set of ω-transitions of $\mathcal{N}$. Then:

1. We add to the net one place (called the global lock) $lock_g$, and for each ω-transition $t$, one place $lock_t$. That is, $P' = P \cup \{lock_g\} \cup \{lock_t \mid t \in T_\omega\}$.

2. Each transition $t$ in $\mathcal{N}$ is replaced by a set of transitions $T_t$ in $\mathcal{N}'$. In the case where $t$ is a plain transition, $T_t$ contains a single transition that has the same effect as $t$, except that it also tests for the presence of a token in $lock_g$. In the case where $t$ is an ω-transition, $T_t$ is a set of plain transitions that simulate the effect of $t$, as in Fig. 5. Formally, $T' = \bigcup_{t \in T} T_t$, where the $T_t$ sets are defined as follows:

• If $t$ is a plain transition, then $T_t = \{t'\}$, where $I(t') = I(t) \cup \{lock_g\}$ and $O(t') = O(t) \cup \{lock_g\}$.

• If $t$ is an ω-transition, then:

$$T_t = \{t', t_{end}\} \cup \{t^{p}_{-\omega} \mid I(t)(p) = \omega\} \cup \{t^{p}_{+\omega} \mid O(t)(p) = \omega\}$$

where $I(t') = I(t) + \{lock_g\}$; $O(t') = I(t_{end}) = \{lock_t\}$; $O(t_{end}) = \{lock_g\} + O(t)$. Furthermore, for all $p$ s.t. $I(t)(p) = \omega$: $I(t^{p}_{-\omega}) = \{p, lock_t\}$ and $O(t^{p}_{-\omega}) = \{lock_t\}$. Finally, for all $p$ s.t. $O(t)(p) = \omega$: $I(t^{p}_{+\omega}) = \{lock_t\}$ and $O(t^{p}_{+\omega}) = \{p, lock_t\}$.

3. We let $f$ be the function that associates each marking $m$ of $\mathcal{N}$ to the marking $m' = f(m)$ of $\mathcal{N}'$ s.t. $m'(lock_g) = 1$; for all $p \in P$: $m'(p) = m(p)$; and for all $p \notin P \cup \{lock_g\}$: $m'(p) = 0$. Then, the initial marking of $\mathcal{N}'$ is $f(m_0)$.

It is easy to check that:

Lemma 8 Let $\mathcal{N}$ be an ωPN and let $\mathcal{N}'$ be its corresponding PN. Then $m \in \mathrm{Reach}(\mathcal{N})$ iff $f(m) \in \mathrm{Reach}(\mathcal{N}')$.

The above construction can be carried out in polynomial time. Thus, and since ωPN generalise Petri nets, the known complexities for reachability [16, 17], (place) boundedness and coverability [19] carry over to ωPN:

Corollary 1 Reachability for ωPN is decidable and ExpSpace-hard. Coverability, boundedness and place boundedness for ωPN are ExpSpace-c.

This justifies the result given in Table 1 for reachability, coverability and (place) boundedness, for ωPN.

However, the above construction fails for deciding termination. For instance, assume that the leftmost part of Fig. 5 is an ωPN $\mathcal{N} = (P, T, m_0)$ with $m_0(q) = 1$. Clearly, all executions of $\mathcal{N}$ are finite, while $t'(t^{p}_{+\omega})^{\omega}$ is an infinite transition sequence that is firable in $\mathcal{N}'$. Termination, however, is decidable, by the KM technique of Section 3, and ExpSpace-hard, as ωPN generalise Petri nets. In the next section, we show that the Rackoff technique [19] can be generalised to ωPN, and prove that termination is ExpSpace-c for ωPN.
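The construction of this section and its failure on termination, as an added example (not code from the paper): it builds $\mathcal{N}'$ from an ωPN, checks Lemma 8 on a bounded state space, and exhibits the infinite run of $\mathcal{N}'$. The transition names `.start`, `.end`, `.take.p`, `.give.p` (standing for $t'$, $t_{end}$, $t^{p}_{-\omega}$, $t^{p}_{+\omega}$), the sample net and the token bound are assumptions of the example.

```python
from itertools import product

OMEGA = "omega"  # label of an ω arc

def split(arcs):
    """Return (natural-number arcs, places carrying an ω arc)."""
    return ({p: n for p, n in arcs.items() if n != OMEGA},
            [p for p, n in arcs.items() if n == OMEGA])

def to_plain(transitions):
    """Section 4 construction on {name: (I, O)}; returns plain transitions."""
    plain = {}
    for name, (I, O) in transitions.items():
        (fin_i, w_in), (fin_o, w_out) = split(I), split(O)
        if not w_in and not w_out:           # plain t: also test lock_g
            plain[name] = ({**fin_i, "lock_g": 1}, {**fin_o, "lock_g": 1})
            continue
        lock_t = "lock_" + name
        # .start is t', .end is t_end (assumption: I(t), O(t) read on their non-ω part)
        plain[name + ".start"] = ({**fin_i, "lock_g": 1}, {lock_t: 1})
        plain[name + ".end"] = ({lock_t: 1}, {**fin_o, "lock_g": 1})
        for p in w_in:                       # t^p_{-ω}: remove one token
            plain[f"{name}.take.{p}"] = ({p: 1, lock_t: 1}, {lock_t: 1})
        for p in w_out:                      # t^p_{+ω}: add one token
            plain[f"{name}.give.{p}"] = ({lock_t: 1}, {p: 1, lock_t: 1})
    return plain

def fire(m, I, O):
    """Fire a plain transition from marking m; None when not enabled."""
    if any(m.get(p, 0) < n for p, n in I.items()):
        return None
    out = dict(m)
    for p, n in I.items():
        out[p] = out.get(p, 0) - n
    for p, n in O.items():
        out[p] = out.get(p, 0) + n
    return out

def omega_successors(m, I, O, bound):
    """Successors of m by one ωPN transition, ω outputs capped at `bound`."""
    (fin_i, w_in), (fin_o, w_out) = split(I), split(O)
    if any(m.get(p, 0) < n for p, n in fin_i.items()):
        return
    for takes in product(*(range(m.get(p, 0) + 1) for p in w_in)):
        for gives in product(*(range(bound + 1) for _ in w_out)):
            yield fire(m, {**fin_i, **dict(zip(w_in, takes))},
                       {**fin_o, **dict(zip(w_out, gives))})

def key(m):
    return tuple(sorted((p, n) for p, n in m.items() if n))

def reach(m0, successors, bound):
    """Markings reachable from m0 with at most `bound` tokens per place."""
    seen, todo = {key(m0)}, [m0]
    while todo:
        for m2 in successors(todo.pop()):
            if max(m2.values(), default=0) <= bound and key(m2) not in seen:
                seen.add(key(m2))
                todo.append(m2)
    return seen

def lemma8_holds(transitions, m0, bound):
    """Bounded check of Lemma 8: m reachable in N iff f(m) reachable in N'."""
    plain = to_plain(transitions)
    in_n = reach(m0, lambda m: (m2 for I, O in transitions.values()
                                for m2 in omega_successors(m, I, O, bound)), bound)
    in_n2 = reach({**m0, "lock_g": 1}, lambda m: (
        m2 for I, O in plain.values()
        for m2 in [fire(m, I, O)] if m2 is not None), bound)
    # f(m) is the marking of N' that adds one token in lock_g to m.
    projected = {tuple(x for x in k if x[0] != "lock_g")
                 for k in in_n2 if ("lock_g", 1) in k}
    return in_n == projected

def longest_run(transitions, m, bound, cap=10):
    """Length of the longest execution of the ωPN from m (at most `cap`)."""
    if cap == 0:
        return 0
    return max((1 + longest_run(transitions, m2, bound, cap - 1)
                for I, O in transitions.values()
                for m2 in omega_successors(m, I, O, bound)), default=0)

def run(plain, m, names):
    """Fire the named plain transitions in order; None if one is disabled."""
    for name in names:
        m = fire(m, *plain[name])
        if m is None:
            return None
    return m

# Constructed example: t produces any number of tokens in p, u consumes any
# number of them; q and s are never refilled, so N has only finite executions.
NET = {"t": ({"q": 1}, {"p": OMEGA}), "u": ({"p": OMEGA, "s": 1}, {"r": 1})}
M0 = {"q": 1, "s": 1}

if __name__ == "__main__":
    print("Lemma 8 within bound 3:", lemma8_holds(NET, M0, 3))
    print("longest execution of N:", longest_run(NET, M0, 3))
    looping = run(to_plain(NET), {**M0, "lock_g": 1}, ["t.start"] + ["t.give.p"] * 1000)
    print("tokens in p after t' then 1000 firings of t^p_{+ω}:", looping["p"])
```

The token bound only makes the search finite: the infinite run of $\mathcal{N}'$ never returns the global lock, so it adds no marking of the form $f(m)$, which is why reachability is preserved while termination is not.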



5 Extending the Rackoff technique for ωPN

In this section, we extend the Rackoff technique to ωPN to prove the existence of short self-covering sequences. For applications of interest, such as the termination problem, it is sufficient to consider ωOPN, as proved in Lemma 7. Hence, we only consider ωOPN in this section.

As observed in [19], beyond some large values, it is not necessary to track the exact value of markings to solve some problems. We use threshold functions $h : \{0, \ldots, |P|\} \to \mathbb{N}$ to specify such large values. Let $\mathrm{nb}\overline{\omega}(m) = |\{p \in P \mid m(p) \in \mathbb{N}\}|$.

Definition 2 Let $h : \{0, \ldots, |P|\} \to \mathbb{N}$ be a threshold function. Given an ω-marking $m$, the markings $[m]_{h \to \omega}$ and $[m]_{\omega \to h}$ are defined as follows:

$$([m]_{h \to \omega})(p) = \begin{cases} m(p) & \text{if } m(p) < h(\mathrm{nb}\overline{\omega}(m)), \\ \omega & \text{otherwise.} \end{cases}$$

$$([m]_{\omega \to h})(p) = \begin{cases} m(p) & \text{if } m(p) \in \mathbb{N}, \\ h(\mathrm{nb}\overline{\omega}(m) + 1) & \text{otherwise.} \end{cases}$$

In $[m]_{h \to \omega}$, values that are too high are abstracted by ω. In $[m]_{\omega \to h}$, ω is replaced by the corresponding natural number. This kind of abstraction is formalized in the following threshold semantics.

Definition 3 Given an ωPN $\mathcal{N}$, a transition $t$, an ω-marking $m$ that enables $t$ and a threshold function $h$, we define the transition relation $\to_h$ as $m \xrightarrow{t}_h [m + \mathit{effect}(t)]_{h \to \omega}$.

The transition relation $\to_h$ is extended to sequences of transitions in the usual way. Note that if $m \xrightarrow{t}_h m'$, then $\omega(m) \subseteq \omega(m')$. In words, a place marked ω will stay that way along any transition in threshold semantics.

Let $R = \max\{|\mathit{effect}(t)(p)| \mid t \in T, p \in P, \mathit{effect}(t)(p) < \omega\}$. The following proposition says that ω can be replaced by natural numbers that are large enough so that sequences are not disabled. The proof is by a routine induction on the length of sequences, using the fact that in an ωOPN, any transition can reduce at most $R$ tokens from any place.

Proposition 2 For some ω-markings $m_1$ and $m_2$, suppose $m_1 \xrightarrow{\sigma}_h m_2$ and $\omega(m_2) = \omega(m_1)$. If $m'_1$ is a marking such that $m'_1 \succeq_{\omega(m_1)} m_1$ and $m'_1(p) \ge R|\sigma|$ for all $p \in \omega(m_1)$, then $m'_1 \xrightarrow{\sigma} m'_2$ such that $m'_2 \succeq_{\omega(m_1)} m_2$ and $m'_2(p) \ge m'_1(p) - R|\sigma|$.

Definition 4 Given an ω-marking $m_1$ and a threshold function $h$, an ω-maximal threshold pumping sequence (h-PS) enabled at $m_1$ is a sequence $\sigma$ of transitions such that $m_1 \xrightarrow{\sigma}_h m_2$, $\mathit{effect}(\sigma) \succeq 0$ and $\omega(m_2) = \omega(m_1)$.

In the above definition, note that we require $\mathit{effect}(\sigma)(p) \ge 0$ for any place $p$, irrespective of whether $m_1(p) = \omega$ or not.

Definition 5 Suppose $\sigma$ is an ω-maximal h-PS enabled at $m_1$ and $\sigma = \sigma_1\sigma_2\sigma_3$ such that $m_1 \xrightarrow{\sigma_1}_h m_3 \xrightarrow{\sigma_2}_h m_3 \xrightarrow{\sigma_3}_h m_2$. We call $\sigma_2$ a simple loop if all intermediate ω-markings obtained while firing $\sigma_2$ from $m_3$ (except the last one, which is $m_3$ again) are distinct from one another.

In the above definition, since $m_3 \xrightarrow{\sigma_2}_h m_3$ and $m_1 \xrightarrow{\sigma_1\sigma_3}_h m_2$, one might be tempted to think that $\sigma_1\sigma_3$ is also an ω-maximal h-PS enabled at $m_1$. This is however not true in general, since there might be some $p \in \omega(m_1)$ such that $\mathit{effect}(\sigma_1\sigma_3)(p) < 0$ (which is compensated by $\sigma_2$ with $\mathit{effect}(\sigma_2)(p) > 0$). The presence of the simple loop $\sigma_2$ is required due to its compensating effect. The idea of the proof of the following lemma is that if there are a large number of loops, it is enough to retain a few to get a shorter ω-maximal h-PS.

Lemma 9 There is a constant $d$ such that for any ωPN $\mathcal{N}$, any threshold function $h$ and any ω-maximal h-PS $\sigma$ enabled at some ω-marking $m_1$, there is an ω-maximal h-PS $\sigma'$ enabled at $m_1$, whose length is at most $(h(\mathrm{nb}\overline{\omega}(m_1))2R)^{d|P|^3}$.

Proof. [Sketch] This proof is similar to that of [19, Lemma 4.5], with some modifications to handle ω-transitions. It is organized into the following steps.

Step 1: We first associate a vector with a sequence of transitions to measure the effect of the sequence. This is the step that differs most from that of [19, Lemma 4.5]. The idea in this step is similar to the one used in [3, Lemma 7].

Step 2: Next we remove some simple loops from $\sigma$ to obtain $\sigma''$ such that for every intermediate ω-marking $m$ in the run $m_1 \xrightarrow{\sigma}_h m_2$, $m$ also occurs in the run $m_1 \xrightarrow{\sigma''}_h m_2$.

Step 3: The sequence $\sigma''$ obtained above need not be a h-PS. With the help of the vectors defined in step 1, we formulate a set of linear Diophantine equations that encode the fact that the effects of $\sigma''$ and the simple loops that were removed in step 2 combine to give the effect of a h-PS.

Step 4: Then we use the result about existence of small solutions to linear Diophantine equations to construct a sequence $\sigma'$ that meets the length constraint of the lemma.

Step 5: Finally, we prove that $\sigma'$ is a h-PS enabled at $m_1$.

Step 1: Let $P_\omega \subseteq \omega(m_1)$ be the set of places $p$ such that some transition $t$ in $\sigma$ has $\mathit{effect}(t)(p) = \omega$. If we ensure that for each place $p \in P_\omega$, some transition $t$ with $\mathit{effect}(t)(p) = \omega$ is fired, we can ignore the effect of other transitions on $p$. This is formalized in the following definition of the effect of any sequence of transitions $\sigma_1 = t_1 \cdots t_r$. We define the function $\Delta_{P_\omega}[\sigma_1] : \omega(m_1) \to \mathbb{Z}$ as follows.

$$\Delta_{P_\omega}[\sigma_1](p) = \begin{cases} 1 & p \in P_\omega,\ \exists i \in \{1, \ldots, r\} : \mathit{effect}(t_i)(p) = \omega \\ 0 & p \in P_\omega,\ \forall i \in \{1, \ldots, r\} : \mathit{effect}(t_i)(p) \neq \omega \\ \sum_{1 \le i \le r} \mathit{effect}(t_i)(p) & \text{otherwise} \end{cases}$$

Applying the above definition to simple loops, it is possible to remove some of them to get shorter pumping sequences. Details about how to do it are in the remaining steps of the proof, which are moved to the appendix. □

Definition 6 Let $c = 2d$. The functions $h_1, h_2, \ell : \mathbb{N} \to \mathbb{N}$ are as follows:

$$h_1(0) = 1 \qquad \ell(0) = (2R)^{c|P|^3} \qquad h_2(0) = R$$

$$h_1(i+1) = 2R\ell(i) \qquad \ell(i+1) = (h_1(i+1)2R)^{c|P|^3} \qquad h_2(i+1) = R\ell(i)$$

All the above functions are non-decreasing. Due to the selection of the constant $c$ above, we have $(2xR)^{c|P|^3} \ge x^{|P|} + (2xR)^{d|P|^3}$ for all $x \in \mathbb{N}$.

The goal is to prove that if there is a self-covering execution, there is one whose length is at most $\ell(|P|)$. That proof uses the result of Lemma 9 and the definition of $\ell$ above reflects it. For the intuition behind the definition of $h_1$ and $h_2$, suppose that the proof of the length upper bound of $\ell(|P|)$ is by induction on $|P|$ and we have proved the result for $|P| = i$. For the case of $i + 1$, we want to decide the value beyond which it is safe to abstract by replacing numbers by ω. As shown in Fig. 6, suppose the initial prefix of a self-covering execution for $i$ places is of length at most $\ell(i)$. Also suppose the pumping portion of the self-covering execution is of length at most $\ell(i)$. The total length is at most $2\ell(i)$. Since each transition can reduce at most $R$ tokens from any place, it is enough to have $2R\ell(i)$ tokens in $p_{i+1}$ to safely replace numbers by ω.

The following lemma shows that if some ω-marking can be reached in threshold semantics, a corresponding marking can be reached in the natural semantics where ω is replaced by a value large enough to solve the termination problem.



Figure 6: Intuition for the threshold functions (labels: place $p_{i+1}$; $> 2R\ell(i) \to \omega$; two segments of length $\le \ell(i)$)

Lemma 10 For some ω-markings $m_3$ and $m_4$, suppose $m_3 \xrightarrow{\sigma}_{h_1} m_4$. Then there is a sequence $\sigma'$ such that $[m_3]_{\omega \to h_1} \xrightarrow{\sigma'} m'_4$, $m'_4 \succeq_{\omega(m_4)} [m_4]_{\omega \to h_2}$ and $|\sigma'| \le h_1(\mathrm{nb}\overline{\omega}(m_3))^{|P|}$.

Lemma 11 If an ωPN $\mathcal{N}$ admits a self-covering execution, then it admits one whose sequence of transitions is of length at most $\ell(|P|)$.

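Proof. Suppose $\sigma = \sigma_1\sigma_2$ is the sequence of transitions in the given self-covering execution such that $m_0 \xrightarrow{\sigma_1} m_1 \xrightarrow{\sigma_2} m_2$ and $m_2 \succeq m_1$. A routine induction on the length of any sequence of transitions $\sigma$ shows that if $m_3 \xrightarrow{\sigma} m_4$, we have $m_3 \xrightarrow{\sigma}_{h_1} m'_4$ with $m'_4 - m_3 \succeq m_4 - m_3$. Hence, we have $m_0 \xrightarrow{\sigma_1}_{h_1} m'_1 \xrightarrow{\sigma_2}_{h_1} m'_2$ with $m'_2 \succeq m'_1$. By monotonicity, we infer that for any $i \in \mathbb{N}^+$, $m'_i \xrightarrow{\sigma_2}_{h_1} m'_{i+1}$ with $m'_{i+1} \succeq m'_i$.

Let $j \in \mathbb{N}^+$ be the first number such that $\omega(m'_j) = \omega(m'_{j+1})$. We have $m_0 \xrightarrow{\sigma_1\sigma_2^{j-1}}_{h_1} m'_j \xrightarrow{\sigma_2}_{h_1} m'_{j+1}$ and $\sigma_2$ is an ω-maximal $h_1$-PS enabled at $m'_j$.

By Lemma 9, there is a $h_1$-PS $\sigma'_2$ enabled at $m'_j$ whose length is at most $(h_1(\mathrm{nb}\overline{\omega}(m'_j))2R)^{d|P|^3}$. By Lemma 10, there is a sequence $\sigma'_1$ such that $m_0 \xrightarrow{\sigma'_1} m''_j$, $m''_j \succeq_{\omega(m'_j)} [m'_j]_{\omega \to h_2}$ and $|\sigma'_1| \le (h_1(|P|))^{|P|}$. By Definition 2 and Definition 6, we infer that $m''_j(p) = h_2(\mathrm{nb}\overline{\omega}(m'_j)) = R(h_1(\mathrm{nb}\overline{\omega}(m'_j))2R)^{c|P|^3} \ge R|\sigma'_2|$ for all $p \in \omega(m'_j)$. Hence, we infer from Proposition 2 that $m_0 \xrightarrow{\sigma'_1} m''_j \xrightarrow{\sigma'_2} m''_{j+1}$. Since $\sigma'_2$ is a $h_1$-PS, $\mathit{effect}(\sigma'_2) \succeq 0$ and so $m''_{j+1} \succeq m''_j$. Therefore, firing $\sigma'_1\sigma'_2$ at $m_0$ results in a self-covering execution. The length of $\sigma'_1\sigma'_2$ is at most $(h_1(|P|))^{|P|} + (h_1(\mathrm{nb}\overline{\omega}(m'_j))2R)^{d|P|^3} \le \ell(|P|)$. □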

Lemma 12 Let $k = 3c$. Then $\ell(i) \le (2R)^{k^{i+1}|P|^{3(i+1)}}$ for all $i \in \mathbb{N}$.

Theorem 2 The termination problem for ωPN is ExpSpace-c.

The idea of the proof of the above theorem is to construct a non-deterministic Turing machine that guesses and verifies a self-covering sequence. By Lemma 11, the length of such a sequence can be limited and hence the machine can be made to work in ExpSpace. The full proof can be found in the appendix.

6 Extensions with transfer or reset arcs

In this section, we consider two extensions of ωPN, namely: ωPN with transfer arcs (ωPN+T) and ωPN with reset arcs (ωPN+R). These extensions have been considered in the case of plain Petri nets: Petri nets with transfer arcs (PN+T) and Petri nets with reset arcs (PN+R) have been extensively studied in the literature [7], [?], [11], [?]. Intuitively, a transfer arc allows, when the corresponding transition is fired, to transfer all the tokens from a designated place $p$ to a given place $q$, while a reset arc consumes all tokens from a designated place $p$.

Formally, an extended ωPN is a tuple $(P, T)$, where $P$ is a finite set of places and $T$ is a finite set of transitions. Each transition is a pair $t = (I, O)$ where $I : P \mapsto \mathbb{N} \cup \{\omega, \mathsf{T}, \mathsf{R}\}$; $O : P \mapsto \mathbb{N} \cup \{\omega, \mathsf{T}\}$; $|\{p \mid I(p) \in \{\mathsf{T}, \mathsf{R}\}\}| \le 1$; $|\{p \mid O(p) \in \{\mathsf{T}\}\}| \le 1$; there is $p$ s.t. $I(p) = \mathsf{T}$ iff there is $q$ s.t. $O(q) = \mathsf{T}$; and if there is $p$ s.t. $I(p) = \mathsf{R}$, then, $O(p) \in \mathbb{N} \cup \{\omega\}$ for all $p$. A transition $(I, O)$ s.t. $I(p) = \mathsf{T}$ (resp. $I(p) = \mathsf{R}$) for some $p$ is called a transfer (reset). An ωPN with transfer arcs (resp. with reset arcs), ωPN+T (ωPN+R) for short, is an extended ωPN that contains no reset (transfer). An ωPN+T s.t. $I(t)(p) \neq \omega$ for all transitions $t$ and places $p$ is an ωOPN+T. The class ωIPN+T is defined symmetrically. An ωPN+T which is both an ωOPN+T and an ωIPN+T is a (plain) PN+T. The classes ωOPN+R, ωIPN+R and PN+R are defined accordingly.

Let $t = (I, O)$ be a transfer or a reset. $t$ is enabled in a marking $m$ iff for all $p$: $I(p) \notin \{\omega, \mathsf{T}, \mathsf{R}\}$ implies $m(p) \ge I(p)$. In this case firing $t$ yields a marking $m' = m - m_I + m_O$ (denoted $m \xrightarrow{t} m'$) where for all $p$: $m_I(p) = m(p)$ if $I(p) \in \{\mathsf{T}, \mathsf{R}\}$; $0 \le m_I(p) \le m(p)$ if $I(p) = \omega$; $m_I(p) = I(p)$ if $I(p) \notin \{\mathsf{T}, \mathsf{R}, \omega\}$; $m_O(p) = m(p')$ if $O(p) = I(p') = \mathsf{T}$; $m_O(p) \ge 0$ if $O(p) = \omega$; and $m_O(p) = O(p)$ if $O(p) \notin \{\mathsf{T}, \omega\}$. The semantics of transitions that are neither transfers nor resets is as defined for ωPN.

Let us now investigate the status of the problems listed in Section 2 in the case of ωPN+T and ωPN+R. First, since ωPN+T (ωPN+R) extend PN+T (PN+R), the lower bounds for the latter carry over: reachability and place-boundedness are undecidable [6] for ωPN+T and ωPN+R; boundedness is undecidable for ωPN+R [8]; and coverability is Ackermann-hard for ωPN+T and ωPN+R [?]. On the other hand, the construction given in Section 4 can be adapted to turn an ωPN+T (resp. ωPN+R) $\mathcal{N}$ into a PN+T (PN+R) $\mathcal{N}'$ satisfying Lemma 8 (i.e., projecting $\mathrm{Reach}(\mathcal{N}', m'_0)$ on the set of places of $\mathcal{N}$ yields $\mathrm{Reach}(\mathcal{N}, m_0)$). Hence, boundedness for ωPN+T [8], and coverability for both ωPN+T and ωPN+R are decidable [?].

As far as termination is concerned, it is decidable [7] and Ackermann-hard [?] for PN+R and PN+T. Unfortunately, the construction presented in Section 4 does not preserve termination, so we cannot reduce termination of ωPN+T (resp. ωPN+R) to termination of PN+T (PN+R). Actually, termination becomes undecidable when considering ωOPN+R or ωOPN+T:

Theorem 3 Termination is undecidable for ωOPN+T and ωOPN+R with one ω-output-arc.

Proof. We first prove undecidability for ωOPN+T. The proof is by reduction from the parameterised termination problem for Broadcast protocols (BP) [9]. It is well-known that PN+T generalise broadcast protocols, hence the following parameterised termination problem for PN+T is undecidable: 'given a PN+T $(P, T)$ and an ω-marking $m_0$, does $(P, T, m)$ terminate for all $m \in \downarrow(m_0)$?' From a PN+T $\mathcal{N} = (P, T)$ and an ω-marking $m_0$, we build the ωOPN+T (with only one ω-output-arc) $\mathcal{N}' = (P', T', m'_0)$ where $P' = P \uplus \{p_{init}\}$, $T' = T \uplus \{(I, O)\}$, $I = \{p_{init}\}$, $O = \{\omega \otimes p \mid m_0(p) = \omega\}$, and $m'_0 = \{m_0(p) \otimes p \mid m_0(p) \neq \omega\}$. Clearly, $\mathcal{N}'$ terminates iff $(P, T, m)$ terminates for all $m \in \downarrow(m_0)$. Hence, termination for ωOPN+T is undecidable too.

Finally, we can transform an ωOPN+R $\mathcal{N} = (P, T, m_0)$ into an ωOPN+T $\mathcal{N}' = (P \uplus \{p_{trash}\}, T', m_0)$, where $t' \in T'$ iff either (i) $t' \in T$ and $t'$ is not a reset, or (ii) there is a reset $t \in T$ and a place $p \in P$ s.t. $I(t)(p) = \mathsf{R}$, $I(t')(p) = \mathsf{T}$, $O(t')(p_{trash}) = \mathsf{T}$, for all $p' \neq p$: $I(t')(p') = I(t)(p')$ and for all $p'' \neq p_{trash}$: $O(t')(p'') = O(t)(p'')$. Intuitively, the construction replaces each reset (resetting place $p$) in $\mathcal{N}$ by a transfer from $p$ to $p_{trash}$ in $\mathcal{N}'$, where $p_{trash}$ is a fresh place from which no transition consumes. Since $\mathcal{N}'$ terminates iff $\mathcal{N}$ terminates, termination is undecidable for ωPN+R too. □

However, the construction of Section 4 can be applied to ωIPN+T and ωIPN+R to yield a corresponding PN+T (resp. PN+R) that preserves termination. Hence, termination is decidable and Ackermann-hard for those models. This justifies the results on ωPN+T and ωPN+R given in Table 1.

A Proof of Lemma 3

An ωPN terminates iff it admits no self-covering execution.

Proof. Assume $\mathcal{N} = (P, T, m_0)$ admits an infinite execution $m_0 \xrightarrow{t_1} m_1 \xrightarrow{t_2} \cdots m_j \xrightarrow{t_{j+1}} \cdots$. Since $\preceq$ is a well-quasi ordering on the markings, there are two positions $\alpha$ and $\beta$ in the execution s.t. $\alpha < \beta$ and $m_\alpha \preceq m_\beta$. Hence, $m_0 \xrightarrow{t_1} m_1 \xrightarrow{t_2} \cdots \xrightarrow{t_\beta} m_\beta$ is a self-covering execution.

For the reverse implication, assume $\mathcal{N} = (P, T, m_0)$ admits a self-covering execution $m_0 \xrightarrow{t_1} m_1 \xrightarrow{t_2} \cdots \xrightarrow{t_n} m_n$ and assume $0 \le k < n$ is a position s.t. $m_k \preceq m_n$. Then, by monotonicity, it is possible to fire infinitely often the $t_{k+1} \cdots t_n$ sequence from $m_k$. More precisely, one can check that the following is an infinite execution of $\mathcal{N}$:

$$m_0 \xrightarrow{t_1} m_1 \cdots \xrightarrow{t_k} m_k \xrightarrow{t_{k+1}} m_{k+1} \cdots \xrightarrow{t_n} m_n \xrightarrow{t_{k+1}} m^1_{k+1} \cdots \xrightarrow{t_n} m^1_n \xrightarrow{t_{k+1}} m^2_{k+1} \cdots \xrightarrow{t_n} m^2_n \xrightarrow{t_{k+1}} m^3_{k+1} \cdots$$

where for all $1 \le i \le n - k$: $m^0_{k+i} = m_{k+i}$, for all $j \ge 1$, $m^j_{k+1} = m^{j-1}_n + (m_{k+1} - m_k)$ and for all $2 \le i \le n - k$: $m^j_{k+i} = m^j_{k+i-1} + (m_{k+i} - m_{k+i-1})$. □



B Proof of Proposition 3 (Termination)

For all ωPN $\mathcal{N}$ and for all initial markings $m_0$, Build-KM($\mathcal{N}$, $m_0$) terminates.

Proof. The proof is by contradiction. Assume Build-KM($\mathcal{N}$, $m_0$) does not terminate. First observe that the recursion depth is always bounded: since a recursive call is performed only when a new ω has been created, the recursion depth is, at any time, at most equal to $|P| + 1$, where $P$ is the set of places of $\mathcal{N}$.

Thus, if Build-KM($\mathcal{N}$, $m_0$) does not terminate, it is necessarily because the main while loop does not terminate (the other loop of the algorithm is the forall starting in line 6, which always executes at most $|T|$ iterations, where $T$ is the set of transitions of $\mathcal{N}$). In this loop, one node is removed from $U$ at each iteration. Since the algorithm builds a tree, a node that has been removed from $U$ will never be inserted again in $U$. Hence, the tree $\mathcal{T}$ built by Build-KM($\mathcal{N}$, $m_0$) is infinite.

By König's lemma, and since $\mathcal{T}$ is finitely branching, it contains an infinite path $\pi$. Since the recursion depth is bounded, $\pi$ can be split into a finite prefix $\pi_1$ and an infinite suffix $\pi_2$ s.t. all the nodes in $\pi_2$ have been built during the same recursive call.

Let us assume $\pi_2 = n_0, n_1, \ldots, n_m, \ldots$ Since $\preceq$ is a well-quasi-ordering on ω-markings, there are $k$ and $\ell$ s.t. $0 \le k < \ell$ and $\lambda(n_k) \preceq \lambda(n_\ell)$. Clearly, $\lambda(n_k) = \lambda(n_\ell)$ is not possible because of the test of line 5 that prevents the development of $n_\ell$ in this case. Thus, $\lambda(n_k) \prec \lambda(n_\ell)$. This means that, for all $p \in P$: $\lambda(n_k)(p) \le \lambda(n_\ell)(p)$, and that there exists $p$ s.t. $\lambda(n_k)(p) < \lambda(n_\ell)(p)$. Let $p_<$ be such a place. By definition of the Post function, and of the acceleration (line 19), the only possibility is that $\lambda(n_\ell)(p_<) = \omega \neq \lambda(n_k)(p_<)$. However, in this case, when $\lambda(n_\ell)$ is returned by Post, a new recursive call is triggered, which contradicts the hypothesis that $n_\ell$ and $n_k$ have been built during the same recursive call. Contradiction. □

C Proof of Lemma 4 (soundness)

Recall that, in the present section, we prove the soundness of Build-KM, when applied to ωOPN only. Hence, throughout the section $I(t)(p) \neq \omega$ for all places $p$ and transitions $t$. To prove Lemma 4, we need ancillary results and definitions. First, we state the place monotonicity property of ωPN. Let $m_1$ and $m_2$ be two markings, and let $P' \subseteq P$ be a set of places s.t. $m_2 \succeq_{P'} m_1$. Let $\sigma$ be a sequence of transitions and let $m_3$ be a marking s.t. $m_1 \xrightarrow{\sigma} m_3$. Then, there exists a marking $m_4$ s.t. $m_2 \xrightarrow{\sigma} m_4$ and $m_4 \succeq_{P'} m_3$.

Then, we observe that, when no ω's are introduced in the labels of the nodes, the sequence of labels along a branch coincides with the effect of the transitions labelling this branch. Formally:

Lemma 13 Let $\mathcal{N}$ be an ωOPN, let $m_0$ be an ω-marking and let $\mathcal{T}$ be the tree returned by Build-KM($\mathcal{N}$, $m_0$). Let $n_1, n_2$ be two nodes of $\mathcal{T}$ s.t. $(n_1, n_2) \in E^+$. Then, for all $p$ s.t. $\lambda(n_1)(p) \neq \omega$ and $\lambda(n_2)(p) \neq \omega$, we have: $\lambda(n_2)(p) = \lambda(n_1)(p) + \mathit{effect}(\sigma)(p)$.

The next technical definitions allow to characterise when a sequence of transitions is firable from a given marking. Let $\sigma = t_1 \cdots t_n$ be a sequence of transitions of an ωOPN, s.t. for all $1 \le i \le n - 1$, for all $p \in P$: $O(t_i)(p) \neq \omega$. Let $m$ be a marking and let $p$ be a place. Then, we let AllowsFiring be the predicate s.t. AllowsFiring($\sigma$, $m$, $p$) is true iff:

$$\forall 1 \le i \le n : m(p) + \mathit{effect}(t_1 \cdots t_{i-1})(p) \ge I(t_i)(p)$$

Remark that $\sigma$ is firable from $m$ iff for all $p \in P$: AllowsFiring($\sigma$, $m$, $p$). We extend the definition of AllowsFiring to sequences of transitions containing one ω-output-transition. Let $\sigma = t_1 \cdots t_n$ be a sequence of transitions, let $p$ be a place, and let $1 \le j \le n$ be the least position s.t. $O(t_j)(p) = \omega$. Then AllowsFiring($\sigma$, $m$, $p$) holds iff AllowsFiring($t_1 \cdots t_j$, $m$, $p$) holds. Again, $\sigma$ is firable from $m$ iff for all $p \in P$: AllowsFiring($\sigma$, $m$, $p$). Indeed, AllowsFiring($t_1 \cdots t_j$, $m$, $p$) ensures that, when firing $\sigma$ from $m$, $p$ will never be negative along $t_1 \cdots t_j$. Moreover, $t_j$ can create an arbitrarily large number of tokens in $p$, since $O(t_j)(p) = \omega$, which allows to ensure that $p$ will never be negative along $t_{j+1} \cdots t_n$. Given this definition of AllowsFiring it is easy to observe that:

1. $m(p) \ge I(\sigma)(p)$ implies that AllowsFiring($\sigma$, $m$, $p$),

2. if AllowsFiring($\sigma$, $m$, $p$) holds and $\mathit{effect}(\sigma)(p) \ge 0$, then AllowsFiring($\sigma^K$, $m$, $p$) holds too for all $K \ge 1$.

Lemma 14 Let $\mathcal{N}$ be an ωOPN, let $m_0$ be an ω-marking, and let $\mathcal{T}$ be the tree returned by Build-KM($\mathcal{N}$, $m_0$), let $e = (n_1, n_2)$ be an edge of $\mathcal{T}$ and let $m$ be a marking in $\gamma(\lambda(n_2))$. Then, there are $m_1 \in \gamma(\lambda(n_1))$, $m_2 \in \gamma(\lambda(n_2))$ and a sequence of transitions $\sigma_\pi$ of $\mathcal{N}$ s.t. $m_1 \xrightarrow{\sigma_\pi} m_2$ and $m_2 \succeq m$. Moreover, when $\mathrm{nb}\omega(\lambda(n_1)) = \mathrm{nb}\omega(\lambda(n_2))$, $\sigma_\pi = \mu(e)$ is a sequence of transitions meeting these properties.

Footnote: Remark that, due to the ω's, the effect of $\sigma$ is now non-deterministic, and there can be several such $m_4$.

Proof. Edges are created by Build-KM in line 13 only. Thus, by the test of the forall loop (line 6), and since we are considering an ωOPN:

$$\lambda(n_1) \succeq I(\mu(e)) \qquad (1)$$

Moreover, when creating an edge $(n, n')$ (line 13), $n'$ is either a fresh node s.t. $\lambda(n')$ is the ω-marking returned by Post($\mathcal{N}$, $\lambda(n)$, $t$), or $n'$ is the root of the subtree $\mathcal{T}'$ returned by the recursive call Build-KM($\mathcal{N}$, $m'$), with $\mu(n, n') = t$ in both cases. However, in the latter case, the root of $\mathcal{T}'$ is $m'$, i.e., the marking returned by Post($\mathcal{N}$, $\lambda(n)$, $t$) too. Since this holds for all edges, we conclude that $\lambda(n_2)$ is the ω-marking $m'$ returned by Post($\mathcal{N}$, $\lambda(n_1)$, $\mu(e)$). Considering the definition of the Post function, we see that $m'$ is either $\lambda(n_1) - I(t) + O(t)$ (when the condition of the if in line 18 is not satisfied), or the result $m_\omega$ of an acceleration (when the condition of the if in line 18 is satisfied). We consider these two cases separately.

Case A: the condition of the if in line 18 has not been satisfied (i.e., no acceleration has occurred). Then, $\lambda(n_2)$ is the marking $m'$ computed in line 17:

$$\lambda(n_2) = \lambda(n_1) - I(\mu(e)) + O(\mu(e)) \qquad (2)$$

We let $m_1$ be the marking s.t. for all places $p \in P$:

$$m_1(p) = \begin{cases} \lambda(n_1)(p) & \text{if } \lambda(n_1)(p) \neq \omega \\ I(\mu(e))(p) + m(p) & \text{otherwise} \end{cases}$$

And we let $m_2$ be the marking s.t., for all places $p \in P$:

$$m_2(p) = \begin{cases} m_1(p) + O(\mu(e))(p) - I(\mu(e))(p) & \text{if } O(\mu(e))(p) \neq \omega \\ m_1(p) - I(\mu(e))(p) + m(p) & \text{otherwise} \end{cases}$$

Finally, we let:

$$\sigma_\pi = \mu(e)$$

Let us show that mi, 7772 and ov = /x(e) satisfy the lemma. First, we observe that 
777i £ 7(A(ni)), by definition. Then, we further observe that there are only four possi- 
bilities regarding the possible values of A(ni)(p), \(ri2)(p) and 0(p,(e))(p), as shown 
in the following table. Indeed, 7i 2 is a successor of m in the tree, so uj(ri2) 3 w(rii). 
Moreover, X(n2)(p) = oj ^ \(nx)(p) holds for some p iff 0(/i(e))(p) = lu, as we 
have assumed that the condition of the if in line[l8]has not been satisfied: 



Case 


A(m)(p) 


A(na)(p) 


0(Ke))(p) 


1 


= UJ 


= UJ 


= UJ 


2 


= UJ 


= UJ 


^UJ 


3 


^UJ 


= UJ 


= UJ 


4 


jLuj 


^UJ 


^UJ 



For these four different cases, we obtain the following values for $m_1(p)$ and $m_2(p)$, by definition:

$$m_1(p) = \begin{cases} I(\mu(e))(p) + m(p) & \text{cases 1 and 2} \\ \lambda(n_1)(p) & \text{cases 3 and 4} \end{cases} \qquad (3)$$

$$m_2(p) = \begin{cases} 2 \times m(p) & \text{case 1} \\ m(p) + O(\mu(e))(p) & \text{case 2} \\ \lambda(n_1)(p) - I(\mu(e))(p) + m(p) & \text{case 3} \\ \lambda(n_1)(p) + O(\mu(e))(p) - I(\mu(e))(p) & \text{case 4} \end{cases}$$


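To prove that $m_2 \in \gamma(\lambda(n_2))$, we must show that $m_2(p) = \lambda(n_2)(p)$ for all $p$ s.t. $\lambda(n_2)(p) \neq \omega$, which corresponds only to case 4, where we have:

$$\begin{aligned} m_2(p) &= \lambda(n_1)(p) + O(\mu(e))(p) - I(\mu(e))(p) && \text{By ®} \\ &= \lambda(n_2)(p) && \text{By ©} \end{aligned}$$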

Then, it remains to show that $m_1 \xrightarrow{\sigma_\pi} m_2$. First, we show that $\mu(e)$ is firable from $m_1$, i.e. that for all $p \in P$: $m_1(p) \geq I(\mu(e))(p)$. In cases 1 and 2, we have $m_1(p) = I(\mu(e))(p) + m(p) \geq I(\mu(e))(p)$. In cases 3 and 4, we have $m_1(p) = \lambda(n_1)(p)$, with $\lambda(n_1)(p) \geq I(\mu(e))(p)$ by (Q}. Thus, $\mu(e)$ is firable from $m_1$. Then, we must show that $m_2$ can be obtained as a successor of $m_1$ by $\mu(e)$. In cases 1 and 3, the effect of $\mu(e)$ is to remove $I(\mu(e))(p)$ tokens from $p$ and to produce an arbitrary number $K$ of tokens in $p$. Hence, in case 1, by firing $\mu(e)$ from $m_1$, we obtain $I(\mu(e))(p) + m(p) - I(\mu(e))(p) + K = m(p) + K$ tokens in $p$. In case 3, by firing $\mu(e)$ from $m_1$, we obtain $\lambda(n_1)(p) - I(\mu(e))(p) + K$ tokens in $p$. In both cases, by letting $K = m(p)$, we obtain $m_2(p)$. In cases 2 and 4, the effect of $\mu(e)$ on place $p$ is equal to $O(\mu(e))(p) - I(\mu(e))(p)$. Hence, in case 2, by firing $\mu(e)$ from $m_1$, we obtain $I(\mu(e))(p) + m(p) - I(\mu(e))(p) + O(\mu(e))(p) = m(p) + O(\mu(e))(p)$ tokens in $p$. In case 4, by firing $\mu(e)$ from $m_1$, we obtain $\lambda(n_1)(p) - I(\mu(e))(p) + O(\mu(e))(p)$ tokens in $p$. In both cases, these values correspond exactly to $m_2(p)$.

We conclude this case by observing that $\mathrm{nb}\overline{\omega}(\lambda(n_1)) = \mathrm{nb}\overline{\omega}(\lambda(n_2))$ implies that no acceleration has been performed, which is the present case. We have thus shown that when $\mathrm{nb}\overline{\omega}(\lambda(n_1)) = \mathrm{nb}\overline{\omega}(\lambda(n_2))$, $\sigma_\pi = \mu(e)$ is a sequence of transitions that satisfies the lemma.

Case B: the condition of the if in line 18 has been satisfied (an acceleration has occurred). Remark that, in this case, $n_1$ is the node called $n$ in the condition of the if, and $\mu(e)$ is the transition called $t$ in the same condition. Let $\sigma$ be the sequence of transitions labelling the path from $n$ to $n_1$. Let $P_{Acc}$ denote the set of places:

P Acc = {P I effect(a(p)) > A A(n 2 )(p) /.A 0(fx(e))(p) ± u} (5) 

Then, let K be the value defined as: 

K = max {m(p)} (6) 

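This value allows us to define the sequence of transitions $\sigma_\pi$:

$$\sigma_\pi = \mu(e)\,(\sigma \cdot \mu(e))^K \qquad (7)$$

From those definitions of $n$, $n_1$, $n_2$, $\sigma$ and $\mu(e)$, we conclude that only the following cases are possible, for all places $p$:

case   $\lambda(n)(p)$   $\lambda(n_1)(p)$   $\lambda(n_2)(p)$   effect$(\sigma)(p)$             effect$(\mu(e))(p)$             Remark
1      $\omega$          $\omega$            $\omega$            $\in \mathbb{Z} \cup \{\omega\}$   $\in \mathbb{Z} \cup \{\omega\}$
2      $\neq \omega$     $\neq \omega$       $\neq \omega$       $\neq \omega$                   $\neq \omega$
3      $\neq \omega$     $\neq \omega$       $\omega$            $\neq \omega$                   $\omega$
4      $\neq \omega$     $\neq \omega$       $\omega$            $\neq \omega$                   $\neq \omega$                   effect$(\sigma \cdot \mu(e))(p) > 0$
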

Those cases are the only possible because $n$ is an ancestor of $n_1$, which is itself an ancestor of $n_2$. Moreover, by construction, $\mathrm{nb}\overline{\omega}(n) = \mathrm{nb}\overline{\omega}(n_1)$, since those two nodes have been computed during the same recursive call. Thus, the occurrence of a fresh $\omega$ can only appear between $n_1$ and $n_2$, either because effect$(\mu(e))(p) = \omega$ (case 3), or because we have performed an acceleration (case 4). Remark that the latter only occurs when effect$(\sigma \cdot \mu(e))(p) > 0$.
Let us next define the marking $m_1$ as:

$$m_1(p) = \begin{cases} \lambda(n_1)(p) & \text{if } \lambda(n_1)(p) \neq \omega \\ I(\sigma_\pi)(p) + m(p) & \text{otherwise} \end{cases} \qquad (8)$$

where $I(\sigma_\pi)(p)$ denotes $\sum_{i=1}^{n} I(t_i)(p)$ for $\sigma_\pi = t_1, \ldots, t_n$. Observe that, by definition: $m_1 \in \gamma(\lambda(n_1))$. Then, let us prove that $\sigma_\pi$ is firable from $m_1$. First observe that, if $p$ is a place s.t. $\lambda(n_1)(p) = \omega$, then AllowsFiring($\sigma_\pi$, $m_1$, $p$) holds, because, in this case, $m_1(p) \geq I(\sigma_\pi)(p)$, by (8). Then, assume $p$ is a place s.t. $\lambda(n_1)(p) \neq \omega$. In this case, by definition, $m_1(p) = \lambda(n_1)(p)$. First observe that, by construction, and since we consider $\omega$OPN (see line 6 of the algorithm):

$$\forall p : \lambda(n_1)(p) \geq I(\mu(e))(p) \qquad (9)$$

Let us now consider all the possible cases, which are cases 2, 3 and 4 from the table above (case 1 cannot occur since we have assumed that $\lambda(n_1)(p) \neq \omega$):

• In case 2, since the condition of the if (line 18) is satisfied, we know that effect$(\sigma \cdot \mu(e))(p) > 0$. Since $\lambda(n)(p) \neq \omega$ and $\lambda(n_1)(p) \neq \omega$, we can apply Lemma 13 and conclude that:

$$\begin{aligned} \lambda(n_2)(p) &= \lambda(n)(p) + \mathrm{effect}(\sigma \cdot \mu(e))(p) \\ &= \lambda(n)(p) + \mathrm{effect}(\sigma)(p) + \mathrm{effect}(\mu(e))(p) \\ &= \lambda(n_1)(p) + \mathrm{effect}(\mu(e))(p) \end{aligned}$$

Thus:

$$\lambda(n_1)(p) + \mathrm{effect}(\mu(e))(p) > \lambda(n)(p) \qquad (10)$$

since effect$(\sigma \cdot \mu(e))(p) > 0$. By applying Case A (above) iteratively along the branch from $n$ to $n_1$, we deduce that AllowsFiring($\sigma$, $\lambda(n)$, $p$) holds. Hence, AllowsFiring($\sigma$, $\lambda(n_1)(p) + \mathrm{effect}(\mu(e))(p)$, $p$) holds too, by (10). Finally, by ©, we conclude that AllowsFiring($\mu(e) \cdot \sigma$, $\lambda(n_1)(p)$, $p$) holds. However, effect$(\mu(e) \cdot \sigma)(p) = \mathrm{effect}(\sigma \cdot \mu(e))(p) > 0$. Thus, since $\mu(e) \cdot \sigma$ has a positive effect on $p$, we conclude that AllowsFiring($(\mu(e) \cdot \sigma)^K$, $\lambda(n_1)(p)$, $p$) holds too, for all $K > 1$. Finally, since effect$((\mu(e) \cdot \sigma)^K)(p) > 0$, we conclude that

$$\lambda(n_1)(p) + \mathrm{effect}((\mu(e) \cdot \sigma)^K) > \lambda(n_1)(p)$$

Thus, by (O, we have

$$\lambda(n_1)(p) + \mathrm{effect}((\mu(e) \cdot \sigma)^K) > I(\mu(e))$$

and we can thus fire $\mu(e)$ once again after firing $(\mu(e) \cdot \sigma)^K$. Hence,

AllowsFiring($(\mu(e) \cdot \sigma)^K \cdot \mu(e)$, $\lambda(n_1)$, $p$)

holds, with $\sigma_\pi = (\mu(e) \cdot \sigma)^K \cdot \mu(e)$.

• In case 3: by ®, since $O(\mu(e))(p) = \omega$, and since $\mu(e)$ is the first transition of $\sigma_\pi$, we immediately conclude that AllowsFiring($\sigma_\pi$, $\lambda(n_1)$, $p$).

• In case 4, we can adapt the reasoning of case 2 as follows. First remember that, in case 4, effect$(\sigma \cdot \mu(e))(p) > 0$. Since $\lambda(n)(p) \neq \omega$ and $\lambda(n_1)(p) \neq \omega$, we can apply Lemma 13 and conclude that $\lambda(n_1)(p) = \lambda(n)(p) + \mathrm{effect}(\sigma)(p)$. Thus:

$$\begin{aligned} \lambda(n_1)(p) + \mathrm{effect}(\mu(e))(p) &= \lambda(n)(p) + \mathrm{effect}(\sigma)(p) + \mathrm{effect}(\mu(e))(p) \\ &= \lambda(n)(p) + \mathrm{effect}(\sigma \cdot \mu(e))(p) \end{aligned}$$

with effect$(\sigma \cdot \mu(e))(p) > 0$. Hence:

$$\lambda(n_1)(p) + \mathrm{effect}(\mu(e))(p) > \lambda(n)(p)$$

This implies (10), and we can thus reuse the arguments of case 2 to conclude that AllowsFiring($\sigma_\pi$, $\lambda(n_1)$, $p$) holds in the present case too.

Thus, for all $p$ s.t. $\lambda(n_1)(p) \neq \omega$: AllowsFiring($\sigma_\pi$, $\lambda(n_1)$, $p$) holds. However, $\lambda(n_1)(p) \neq \omega$ implies that $m_1(p) = \lambda(n_1)(p)$, hence AllowsFiring($\sigma_\pi$, $m_1$, $p$) holds in those cases. Thus, we conclude that AllowsFiring($\sigma_\pi$, $m_1$, $p$) holds for all places $p$, and thus that $\sigma_\pi$ is firable from $m_1$.

To conclude the proof let us build a marking $m_2$ that respects the conditions given in the statement of the lemma. Let m be a marking s.t. $m_1 \xrightarrow{\sigma_\pi}$ m. We know that such a marking exists since $\sigma_\pi$ is firable from $m_1$. We first observe that, by LemmaQ]

$$\forall p \text{ s.t. } \mathrm{effect}(\sigma_\pi)(p) \neq \omega : m(p) = m_1(p) + \mathrm{effect}(\sigma_\pi)(p) \qquad (11)$$

From m, we define $m_2$ as follows:

Jm(p) if effect(a v ){p) ^ w 

max |m(p), m(j>)} otherwise 
Clearly, $m_2 \succeq_{P'} m$, for $P' = \{p \mid \mathrm{effect}(\sigma_\pi)(p) = \omega\}$. Hence, by Lemma 2, $m_1 \xrightarrow{\sigma_\pi} m_2$ holds. Let us conclude the proof by showing that $m_2 \in \gamma(\lambda(n_2))$, and that $m_2 > m$, as requested. Since $m$ has been assumed to be in $\gamma(\lambda(n_2))$ too, it is sufficient to show that for all places $p$: (i) $\lambda(n_2)(p) = \omega$ implies $m_2(p) > m(p)$, and (ii) $\lambda(n_2)(p) \neq \omega$ implies $m_2(p) = \lambda(n_2)(p)$.

Thus, we consider each place $p$ separately, by reviewing the four cases given in the table above:

• In case 1, $m_1(p) = I(\sigma_\pi)(p) + m(p)$ and $\lambda(n_2)(p) = \omega$. Let us show that $m_2(p) > m(p)$. We consider two further cases:

1. either effect$(\sigma_\pi)(p) \neq \omega$. In this case:

$$\begin{aligned} m_2(p) &= m(p) && \text{By (12)} \\ &= m_1(p) + \mathrm{effect}(\sigma_\pi)(p) && \text{By O} \\ &= I(\sigma_\pi)(p) + \mathrm{effect}(\sigma_\pi)(p) + m(p) && \text{By ©} \\ &> m(p) \end{aligned}$$

2. or effect$(\sigma_\pi)(p) = \omega$. Then, $m_2(p) > m(p)$ by (12).

• In case 2, we know that effect$(\mu(e))(p) \neq \omega$ and effect$(\sigma)(p) \neq \omega$, hence effect$(\sigma \cdot \mu(e)) \neq \omega$ and effect$(\sigma_\pi) \neq \omega$ either. Then:

$$\begin{aligned} m_2(p) &= m(p) && \text{By (12)} \\ &= m_1(p) + \mathrm{effect}(\sigma_\pi)(p) && \text{By O} \\ &= \lambda(n_1)(p) + \mathrm{effect}(\sigma_\pi)(p) && \text{By ©} \\ &= \lambda(n_2)(p) && \text{Lemma 13 and } \mathrm{effect}(\sigma \cdot \mu(e)) \neq \omega \end{aligned}$$

• In case 3, $\lambda(n_2)(p) = \omega$ and effect$(\sigma_\pi)(p) = \omega$ too. Hence, $m_2(p) > m(p)$ by

• In case 4, $\lambda(n_2)(p) = \omega$ again, and $m_1(p) = \lambda(n_1)(p)$, by ©. Moreover, we have effect$(\sigma_\pi)(p) \neq \omega$, because effect$(\sigma)(p) \neq \omega$ and effect$(\mu(e))(p) \neq \omega$. Finally, since in case 4, we have effect$(\sigma \cdot \mu(e))(p) > 0$, and since $\sigma_\pi = \mu(e)(\sigma \cdot \mu(e))^K$, we conclude that effect$(\sigma_\pi)(p) > K + \mathrm{effect}(\mu(e))(p)$. Thus:

$$\begin{aligned} m_2(p) &= m(p) && \text{By (12)} \\ &= m_1(p) + \mathrm{effect}(\sigma_\pi)(p) && \text{By (E)} \\ &> m_1(p) + K + \mathrm{effect}(\mu(e))(p) && \text{See above} \\ &= m_1(p) + K - I(\mu(e))(p) + O(\mu(e))(p) && \text{Def. of effect} \\ &> K + m_1(p) - I(\mu(e))(p) \\ &> K + \lambda(n_1)(p) - I(\mu(e))(p) && \text{By ©} \\ &> K && \text{By ©} \\ &> m(p) && p \in P_{Acc} \text{ and by © and ©} \end{aligned}$$

□

□ 
We are now ready to prove Lemma 4.

Let $\mathcal{N}$ be an $\omega$OPN, let $m_0$ be an $\omega$-marking and let $T$ be the tree returned by Build-KM($\mathcal{N}$, $m_0$). Let $\pi = n_0, \ldots, n_k$ be a stuttering path in $T$, and let $m$ be a marking in $\gamma(\lambda(n_k))$. Then, there exists an execution $\rho_\pi = m_0 \xrightarrow{t_1} m_1 \cdots \xrightarrow{t_\ell} m_\ell$ of $\mathcal{N}$ s.t. $m_\ell \in \gamma(\lambda(n_k))$, $m_\ell \succeq m$ and $m_0 \in \gamma(\lambda(n_0))$. Moreover, when for all $0 \leq i \leq j \leq k$: $\mathrm{nb}\overline{\omega}(n_i) = \mathrm{nb}\overline{\omega}(n_j)$, we have: $t_1 \cdots t_\ell = \mu(\pi)$.

Proof. We build, by induction on the length $k$ of the path in the tree, a corresponding execution of $\mathcal{N}$. The induction works backward, starting from the end of the path.

Base case, $k = 0$. Since $n_k = n_0$, we can take $m_0 = m$, which clearly satisfies the lemma since $m \in \lambda(n_k) = \lambda(n_0)$.

Inductive case, $k > 0$. The induction hypothesis is that there are a sequence of transitions $\sigma$ and two markings $m_1$ and $m_k$ s.t. $m_1 \xrightarrow{\sigma} m_k$, $m_1 \in \gamma(\lambda(n_1))$, $m_k \in \gamma(\lambda(n_k))$, and $m_k \succeq m$. In the case where $(n_0, n_1)$ is not an edge of $T$ (i.e., $n_1$ is an ancestor of $n_0$), we know that $\lambda(n_0) = \lambda(n_1)$ by definition of stuttering and let $\rho_\pi = m_1 \xrightarrow{\sigma} m_k$. Otherwise, we can apply Lemma 14 and conclude that there are $\sigma'$, $m_0$ and $m'_1$ s.t. $m_0 \xrightarrow{\sigma'} m'_1$, $m_0 \in \gamma(\lambda(n_0))$, $m'_1 \in \gamma(\lambda(n_1))$ and $m'_1 \succeq m_1$. Since $m'_1 \succeq m_1$, $\sigma$ is also firable from $m'_1$. Let $m'_k = m'_1 + (m_k - m_1)$. Clearly, $m_0 \xrightarrow{\sigma'} m'_1 \xrightarrow{\sigma} m'_k$. Moreover, $m'_k \succeq m_k \succeq m$, by monotonicity. Let us show that $m'_k \in \gamma(\lambda(n_k))$. Since $m'_1$ and $m_1$ are both in $\gamma(\lambda(n_1))$: $m_1(p) = m'_1(p)$ for all $p$ s.t. $\lambda(n_1)(p) \neq \omega$. Thus, by strong monotonicity, we conclude that $m_k(p) = m'_k(p)$ for all $p$ s.t. $\lambda(n_1)(p) \neq \omega$. However, for all places $p$, $\lambda(n_k)(p) \neq \omega$ implies $\lambda(n_1)(p) \neq \omega$, as the number of $\omega$'s increases along a path in the tree. Thus we conclude that $m_k(p) = m'_k(p)$ for all $p$ s.t. $\lambda(n_k)(p) \neq \omega$. Since $m_k(p) = \lambda(n_k)(p)$ for all $p$ s.t. $\lambda(n_k)(p) \neq \omega$ because $m_k \in \gamma(\lambda(n_k))$ by induction hypothesis, we conclude that $m'_k \in \gamma(\lambda(n_k))$ too. Thus, $m_0$, $m'_k$ and $\sigma' \cdot \sigma$ fulfill the statement of the lemma.

Finally, observe that, when all the nodes along the path $\pi$ have the same number of $\omega$'s, Lemma 14 guarantees that $\mu(\pi)$ can be chosen for the sequence of transitions $\sigma$. □

D Proof of Lemma 5

Let $\mathcal{N}$ be an $\omega$OPN, let $m_0$ be an $\omega$-marking, and let $T$ be the tree returned by Build-KM($\mathcal{N}$, $m_0$). Then, for all nodes $n$ of $T$:

• either $n$ has no successor in the tree and has an ancestor $\overline{n}$ s.t. $\lambda(\overline{n}) = \lambda(n)$.

• or the set of successors of $n$ corresponds to all the $\rightarrow_\omega$ possible successors of $\lambda(n)$, i.e.: $\{\mu(n, n') \mid (n, n') \in E\} = \{t \mid \lambda(n) \xrightarrow{t}_\omega\}$. Moreover, for each $n'$ s.t. $(n, n') \in E$ and $\mu(n, n') = t$: $\lambda(n') \succeq \lambda(n) + \mathrm{effect}(t)$.

Proof. Observe that each time a node is created, it is inserted into $U$, or a recursive call is performed on this node. In both cases, the node will eventually be considered in line 5. If the condition of the if in line 5 is not satisfied, $n$ has an ancestor $\overline{n}$ s.t. $\lambda(\overline{n}) = \lambda(n)$. Otherwise, all transitions $t$ that are firable from $\lambda(n)$ are considered in the loop in lines 6 onward, and a corresponding edge $(n, n')$ with $\mu(n, n') = t$ is added to the tree in line 15. The label $\lambda(n')$ of this node is either $\lambda(n) + \mathrm{effect}(t)$, or a $\succeq$-larger marking, in the case where an acceleration has been performed during the Post, in line 19. Thus in both cases, $\lambda(n') \succeq \lambda(n) + \mathrm{effect}(t)$. The algorithm terminates because $U$ has become empty. Thus, all the nodes that have eventually been constructed by the algorithm fall into these two cases. Hence the lemma. □

E Proof of Lemma 6 (completeness)

Let $\mathcal{N}$ be an $\omega$OPN with set of transitions $T$, let $m_0$ be an initial marking, let $T$ be the tree returned by Build-KM($\mathcal{N}$, $m_0$) and let $m_0 \xrightarrow{t_1} m_1 \xrightarrow{t_2} \cdots \xrightarrow{t_n} m_n$ be an execution of $\mathcal{N}$. Then, there are a stuttering path $\pi = n_0, n_1, \ldots, n_k$ in $T$ and a monotonic increasing mapping $h : \{1, \ldots, n\} \mapsto \{0, \ldots, k\}$ s.t.: $\mu(\pi) = t_1 t_2 \cdots t_n$ and $m_i \preceq \lambda(n_{h(i)})$ for all $0 \leq i \leq n$.

Proof. The proof is by induction on the length of the execution.

Base case: $n = 0$. We let $h(0) = 0$. By construction $\lambda(n_0) = m_0$, hence the lemma.

Inductive case: $n > 0$. The induction hypothesis is that there are a path $\pi = n_0, \ldots, n_\ell$ and a mapping $h : \{0, \ldots, n-1\} \mapsto \{0, \ldots, \ell\}$ satisfying the lemma for the execution prefix $m_0 \xrightarrow{t_1} m_1 \cdots \xrightarrow{t_{n-1}} m_{n-1}$. By Lemma 5, we consider two cases for $n_\ell$:

• Either the set of successors of $n_\ell$ corresponds to the set of all transitions that are firable from $\lambda(n_\ell)$. Since, by induction hypothesis, $n_\ell \succeq m_{n-1}$, and since $t_n$ is firable from $m_{n-1}$, we conclude that $t_n$ is firable from $\lambda(n_\ell)$ by monotonicity. Hence, $n_\ell$ has a successor $n$ s.t. $\mu(n_\ell, n) = t_n$. Still by Lemma 5:

$$\begin{aligned} \lambda(n) &\succeq \lambda(n_\ell) + \mathrm{effect}(t_n) \\ &\succeq m_{n-1} + \mathrm{effect}(t_n) \end{aligned}$$

Hence, we let $n_{\ell+1} = n$, and $h(n) = \ell + 1$.

• Or the set of successors of $n_\ell$ is empty. In this case, by Lemma 5, there exists an ancestor $n$ of $n_\ell$ s.t. $\lambda(n) = \lambda(n_\ell)$. Let $n_{\ell+1}$ be such a node. Moreover, as $n_{\ell+1} \neq n_\ell$ and $n_{\ell+1}$ is an ancestor of $n_\ell$, $n_{\ell+1}$ must have at least one successor. Hence, by Lemma 5, $n_{\ell+1}$ is fully developed, and we can apply the same reasoning as above to conclude that there is a successor $n'$ of $n_{\ell+1}$ s.t. $\lambda(n') \succeq m_n$ and $\mu(n_{\ell+1}, n') = t_n$. Let $n_{\ell+2}$ be such a node. We conclude by letting $h(n) = \ell + 2$.
□

F Proof of Lemma U\ 

Let J\f be an u>PN. For all executions Too, t\, Toi, . . . , t' n , m n of remluj(J\f): too, t\, 
toi, . . . ,t ni m n is an execution of M . For all finite (resp. infinite) executions too, tx,m\, 
. . . , t n , m n ( toq , ti , toi , . . . , tj , rrij , . . .) of AT, there is an execution toq , t[ , m'i , . . . , 
t' n ,m' n (too, ii, m' l7 . . . ,tj,m'j, . . .) of remluj(N), s.t. mi ^ m^ for alii. Proof. 
The first point follows immediately from the definition of remlo;(A/') and from the fact 
that consuming tokens in each place p s.t. 7(tj)(p) = lu is a valid choice when firing 
each transition t\ in Af. The second point is easily shown by induction on the execu- 
tion, because firing each tj produces the same amount of tokens that t'^ consumes the 
same amount of token as each t\ in all places s.t. I{ti)(p) ^ lu, and consumes, in each 
place p s.t. I(ti)(p) = lu a number of tokens that is larger than or equal to the number 
of tokens consumed by t\. □ 

G Proofs for Lemmas in Section 5

Proof. [Lemma 9] This proof is similar to that of [19, Lemma 4.5], with some modifications to handle $\omega$-transitions. It is organized into the following steps.

Step 1: We first associate a vector with a sequence of transitions to measure the effect of the sequence. This is the step that differs most from that of [19, Lemma 4.5]. The idea in this step is similar to the one used in [3, Lemma 7].

Step 2: Next we remove some simple loops from $\sigma$ to obtain $\sigma''$ such that for every intermediate $\omega$-marking $m$ in the run $m_1 \xrightarrow{\sigma}_h m_2$, $m$ also occurs in the run $m_1 \xrightarrow{\sigma''}_h m_2$.

Step 3: The sequence $\sigma''$ obtained above need not be a $h$-PS. With the help of the vectors defined in step 1, we formulate a set of linear Diophantine equations that encode the fact that the effects of $\sigma''$ and the simple loops that were removed in step 2 combine to give the effect of a $h$-PS.

Step 4: Then we use the result about existence of small solutions to linear Diophantine equations to construct a sequence $\sigma'$ that meets the length constraint of the lemma.

Step 5: Finally, we prove that $\sigma'$ is a $h$-PS enabled at $m_1$.

Step 1: Let $P_\omega \subseteq \omega(m_1)$ be the set of places $p$ such that some transition $t$ in $\sigma$ has effect$(t)(p) = \omega$. If we ensure that for each place $p \in P_\omega$, some transition $t$ with effect$(t)(p) = \omega$ is fired, we can ignore the effect of other transitions on $p$. This is formalized in the following definition of the effect of any sequence of transitions $\sigma_1 = t_1 \cdots t_r$. We define the function $\Delta_{P_\omega}[\sigma_1] : \omega(m_1) \to \mathbb{Z}$ as follows.



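Step 2: Let $m_1 \xrightarrow{\sigma}_h m_2$. From Definition!?] we have $\omega(m_2) = \omega(m_1)$. From Definition 2, infer that for any $\omega$-marking $m$ in the run $m_1 \xrightarrow{\sigma}_h m_2$, $m(p) < h(\mathrm{nb}\overline{\omega}(m_1))$ for all $p \in P \setminus \omega(m_1)$. Now we remove some simple loops from $\sigma$ to obtain $\sigma''$. To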



& 





p e P u , 3i 6 {1, . . . ,r} : effect{ti){p) = lu 
p e P u , Vi € {1, . . .,r} : effect(U)(p) ^ w 
obtain some bounds in the next step, we first make the following observations on loops. Let $|P \setminus \omega(m_1)| = r_1$. Suppose $\pi$ is a simple loop. There can be at most $h(\mathrm{nb}\overline{\omega}(m_1))^{r_1}$ transitions in $\pi$, so $-h(\mathrm{nb}\overline{\omega}(m_1))^{r_1} R < \Delta_{P_\omega}[\pi](p) < h(\mathrm{nb}\overline{\omega}(m_1))^{r_1} R$ for any $p \in P$. Let $B$ be the matrix whose set of columns is equal to $\{\Delta_{P_\omega}[\pi] \mid \pi \text{ is a simple loop}\}$. There are at most $(h(\mathrm{nb}\overline{\omega}(m_1))^{r_1}\, 2R)^{|P|}$ columns in $B$. We use $b, b', \ldots$ to denote the columns of $B$.

Now we remove simple loops from $\sigma$ according to the following steps. Let $x_0 = 0$ be the zero vector whose dimension is equal to the number of columns in $B$. Begin the following steps with $i = 0$ and $\sigma_i = \sigma$.

a. Think of the first $(h(\mathrm{nb}\overline{\omega}(m_1))^{|P|} + 1)^2$ transitions of $\sigma_i$ as $h(\mathrm{nb}\overline{\omega}(m_1))^{|P|} + 1$ blocks of length $h(\mathrm{nb}\overline{\omega}(m_1))^{|P|} + 1$ each.

b. There is at least one block in which all $\omega$-markings also occur in some other block.

c. Let $\pi$ be a simple loop occurring in the above block.

d. Let $\sigma_{i+1}$ be the sequence obtained from $\sigma_i$ by removing $\pi$.

e. Let $x_{i+1}$ be the vector obtained from $x_i$ by incrementing $x_i(\Delta_{P_\omega}[\pi])$ by 1.

f. Increment $i$ by 1.

g. If the length of the remaining sequence is more than or equal to $(h(\mathrm{nb}\overline{\omega}(m_1))^{|P|} + 1)^2$, go back to step a. Otherwise, stop.

Let $n$ be the value of $i$ when the above process stops. Let $\sigma'' = \sigma_n$ and $x = x_n$. We remove a simple loop $\pi$ starting at an $\omega$-marking $m$ only if all the intermediate $\omega$-markings occurring while firing $\pi$ from $m$ occur at least once more in the remaining sequence. Hence, for every $\omega$-marking $m$ arising while firing $\sigma$ from $m_1$, $m$ also arises while firing $\sigma''$ from $m_1$. We have $|\sigma''| < (h(\mathrm{nb}\overline{\omega}(m_1))^{|P|} + 1)^2$. For each column $b$ of $B$, $x(b)$ contains the number of occurrences of simple loops $\pi$ removed from $\sigma$ such that $\Delta_{P_\omega}[\pi] = b$.

Step 3: For every $p \in P_\omega$, we want to ensure that there is some transition $t$ in the shorter $h$-PS that we will build, such that effect$(t)(p) = \omega$. For the other places, we want to ensure that the effect of the shorter $h$-PS is non-negative. These requirements are expressed in the following vector $d$.



d(p) 



Recall that for each column $b$ of $B$, $x(b)$ contains the number of occurrences of simple loops $\pi$ removed from $\sigma$ such that $\Delta_{P_\omega}[\pi] = b$ and that $\sigma''$ is the sequence remaining after all removals. Hence, $\Delta_{P_\omega}[\sigma] = Bx + \Delta_{P_\omega}[\sigma'']$. Since $\sigma$ is a $h$-PS and for every $p \in P_\omega$, there is a transition $t$ in $\sigma$ such that effect$(t)(p) = \omega$, we have

$$\Delta_{P_\omega}[\sigma] > d \;\Rightarrow\; Bx > d - \Delta_{P_\omega}[\sigma''] \qquad (13)$$

Step 4: We use the following result about the existence of small integral solutions to linear equations [2], which has been used by Rackoff to give EXPSPACE upper bound for the boundedness problems in Petri nets [19, Lemma 4.4].

Let $d_1, d_2 \in \mathbb{N}^+$, let $A$ be a $d_1 \times d_2$ integer matrix and let $a$ be an integer vector of dimension $d_1$. Let $d > d_2$ be an upper bound on the absolute value of the integers in $A$ and $a$. Suppose there is a vector $x \in \mathbb{N}^{d_2}$ such that $Ax > a$. Then for some constant $c$ independent of $d$, $d_1$, $d_2$, there exists a vector $y \in \mathbb{N}^{d_2}$ such that $Ay > a$ and $y(i) < d^{c d_1}$ for all $i$ between 1 and $d_2$.

We apply the above result to ( TT3l . Each entry of Ap^ [a"] is of absolute value at 
most (/i(nboJ(mi)) |p| + 1) 2 R. Recall that there are at most (/i(nbtJ (mi)) ri 2i?) |p| 
columns in B, with the absolute value of each entry at most h(nbuJ (m\)) ri R. There 
are \P\ — r\ rows in B. Hence, we conclude that x can be replaced by y such that 
By > d — Ap u [a"] and the sum of all entries in y is at most (/i(nbw (mi))2R) d l p l 
for some constant d'. This expression is obtained from simplifying 

(/ l (nbaJ(mi)) ri 2i?)l p l((/i(nbaJ(mi)) |p| + l) 2 2i?) d " |p|2 

for some constant d". 

For each column b of B, let 7rg be a simple loop of a such that A p u [tiy] = b. 
Recall from step 2 that there is some intermediate w-marking occurring while fir- 
ing a" from m\ such that rag is the o;-marking from which the simple loop 7rg is 
fired in u. Let be the position in a" where rag occurs. Let a' be the sequence 
obtained from a" by inserting y(b) copies of 7rg into a" at the position it for each 
column b of B. Since we insert at most (h(nbuJ (mi))2R) d l p l 3 simple loops, each 
of length at most /i(nbaJ (mi) ) ri , \a'\ < (h(nbuJ ( mi ))2R) d '^ 3 h(nbuj (m 1 )) ri + 
(/i(nbw(TOi))l p l +1) 2 . Choose the constant d s.t. \a'\ < (h(nbu (m 1 ))2R) d ' x 
h{nbuj (mi)) ri + (/i(nbw(mi))l p l + I) 2 < (h(nbZJ (m 1 ))2R) d \ p \ 3 . Now we have 
\o'\ < (/i(nbtJ(mi))2i?) d l p l 3 . 

Step 5: Now we prove that $\sigma'$ is a $h$-PS enabled at $m_1$. Recall that $m_1 \xrightarrow{\sigma}_h m_2$ and that $\sigma'$ is obtained from $\sigma$ by removing or adding extra copies of some simple loops. We infer that $m_1 \xrightarrow{\sigma'}_h m_2$. Now we show that effect$(\sigma') \succeq 0$. Since for any simple loop $\pi$ in $\sigma$, effect$(\pi)(p) = 0$ for all $p \in P \setminus \omega(m_1)$, we have effect$(\sigma')(p) = \mathrm{effect}(\sigma)(p) > 0$.

For any $p \in P_\omega$, we have $(By + \Delta_{P_\omega}[\sigma''])(p) > d(p) > 1$. Hence, $y(\Delta_{P_\omega}[\pi]) > 1$ and $\Delta_{P_\omega}[\pi](p) = 1$ for some simple loop $\pi$ or $\Delta_{P_\omega}[\sigma''](p) = 1$. From the definitions of $\Delta_{P_\omega}[\pi]$ and $\Delta_{P_\omega}[\sigma'']$, the only way this can happen is for some transition $t$ in either some simple loop $\pi$ or $\sigma''$ to have effect$(t) = \omega$. Hence, there is some transition $t$ in $\sigma'$ such that effect$(t)(p) = \omega$. Hence, effect$(\sigma')(p) = \omega$.
For any $p \in \omega(m_1) \setminus P_\omega$, we have effect$(\sigma')(p) = (By + \Delta_{P_\omega}[\sigma''])(p) > d(p) > 0$.



Proof. [Lemma fTOl Let a' be obtained from a by removing all transitions between any 
two identical w-markings occurring in the run 7773 — ^ 7774. The number of distinct 

w-markings appearing in the run 7773 —>hi m 4 is an upper bound on Among the 
w-markings in this run, 7773 has the maximum number of places not marked uj. Since 
h\ is non-decreasing, we infer from the definition of threshold semantics (Definition^ 
that hi (nbw (113)) ' p is an upper bound on the number of possible distinct w-markings. 

Hence, |er'| < hi(nbUJ (7773))'^. We will now prove that for any run m 3 —thi m 4 
where all intermediate w-markings are distinct from one another, [m 3 ] UJ ^i ll m' 4 
and m' 4 hutrrn) [ m 4\u^h 2 - Th e proof is by induction on nbw (7714) — nbw (m 3 ) (the 
number of places where uj is newly introduced). 

Base case nbu; (7774) — nbo; (7773) = 0: We have \a'\ < hi(nbuJ (777.3)) ' P ' < 
£(nbuj (7773)). For any p' G u)(m 3 ), we have by Definition [2] and Definition [6] that 
[m3]uj->hi (p') = hi(nbZJ (m 3 ) + 1) = 2R£(nbZJ (7773)). We conclude from Proposi- 

tion|2]that [ma]u->hi ^ ™4 and TO 4 ^(m t ) [m^^^- 

Induction step: Let 777,5 be the first w-marking after 7773 such that nbu; (7775) > 

nbuj (7773). Let a' = oitai where 777,3 ~^hi m 6 ~*hi ms ~^hi TO 4- Note that 
due to our choice of 7775, we have w (777,6) = w(ma). In any intermediate marking 
777 7^ 777,3 m me run 7773 — 777,6, m (p) < /7i(nbuJ(m3)) for all p G P \ 1x1(1713) 
(otherwise, p would have been marked ui, contradicting w(tt76) = ^(7773)). Hence 
we have |cti| < /7i(nbuJ(7773))' p '. For any p' G w(777 3 ), we have by Definition [2] 
and Definition |6] that [m^-,/,^') = hi(nbuj (777,3) + 1) = 2R£(nbuJ (m 3 )). We 
conclude from Proposition [2] that [ms^^i — ^ m' e where m' 6 diu(me) m Q an( ^ f° r 
all p' G w(f7i6), m' e (p') > 2R£(nbuj (7773)) — i?/7i(nbZU (777,3)) ' p '. Transition f is 
enabled at m 6 . Let 777 6 A- m 5 , where for any p such that effect(t)(p) = uj, we chose 
m 5(p) > hi(nbuJ (7775) + 1). We now conclude that 7775 >r w ( mB ) [777.5] due to the 
following reasons: 

1. p G P \ cj(77i5): we have 77 G P \ w(me). 

7775(77) = TO@(p) + effect (t) [semantics of cjPN ] 



2. 77 G ^(7715), effect (t)(p) = uj: m' 5 (p) > hx(nbui (7775) + 1) by choice. 

3. p G w(?77 5 ), effect (t)(p) ^ uj, p £ uj{m 6 ): since [777 6 + effect(t)] hl ^. u = m 5 



Hence, effect (a' ) (p) > 0. 



□ 



"^eb) + effect (t) 
m 5 (p) 

[ms]u->hi(p) 



[[m 6 + effect(t)] hl 



m 5 ,m 5 (p) ± uj] 
and ?TJ5 (p) = lu, 



m 6 (p) + effect{t)(p) > hi(nbuj (m 6 )) 



=>■ me(p) + effect (t)(p) > /ii(nbo; (m.5) + 1) [nbw (m.5) > nbw (me)] 
m '&{P) + e if ec *(*)(p) > ^i(nbcJ(m 5 ) + 1) [m' e d^(m 6 ) m e] 

=> m' 5 (p) > hi(nbuJ (mg) + 1) [semantics of cjPN ] 



4. p e w(m 5 ), effect (t)(p) ^uj,p <E w(m 6 ): 



™s(p) 



= m£(p) + eiferf(t)(p) 
>m' 6 (p)-ii 

> 2i?^(nbuJ(m 3 )) - i?/ii(nbw(m 3 )) |p| - i? 

> i^(nbZJ(m 3 )) - i?/ii(nbaJ(m 3 )) |p| 

= i?(^i(nbcj(m 3 ))2i?) c l p l 3 - i?/n(nbw(m 3 ))l p l 



[semantics of o;PN ] 
[Definition of R] 

[p £ oj(m 6 )} 



[Definition [6] 



> h\ (nbcj (m 3 )) 

> /ii(nbw(m5) + 1) 

The last inequality follows since nbcj (7715) > nbw (m 3 ). 

Since nbw (m.4) — nbw (ms) < nbw (7714) — nbw (m 3 ) and all intermediate w- 
markings in the run 7715 ^-^h t m.4 are distinct from one another, we have by induction 
hypothesis that [m 5 ] Mkl ^> m 4 ' and ^ w (m 4 ) [m 4 ] w ^/ l2 . Since [1713]^/,, 
m@ A mg, m£ ^ u(ms ) [ms]^^ and [m 5 ] w ^ hl m 4 ', we infer by strong mono- 

tonicity that [m a ] u ^hi ai aa > m 4 and m 4 h w ( TO 4) ["u] w ->/i 2 . □ 
Proof. [Lemma 12] By induction on $i$. For the base case $i = 0$, the result is obvious since by Definition^ $\ell(0) = (2R)^{c|P|^3}$.
Induction step:

$$\begin{aligned} \ell(i+1) &= (h(i+1)\,2R)^{c|P|^3} && \text{[Definition 6]} \\ &= (2R\,\ell(i) \cdot 2 \cdot R)^{c|P|^3} && \text{[Definition 6]} \\ &= (4R^2)^{c|P|^3} (\ell(i))^{c|P|^3} \\ &= (2R)^{2c|P|^3} (\ell(i))^{c|P|^3} \\ &< (2R)^{2c|P|^3} \left((2R)^{c^{i+1}|P|^{3(i+1)}}\right)^{c|P|^3} && \text{[Induction hypothesis]} \\ &= (2R)^{2c|P|^3} (2R)^{c^{i+2}|P|^{3(i+2)}} \end{aligned}$$

□

Proof. [Theorem 2] Since $\omega$PN generalise Petri nets, and since termination is ExpSpace-c for Petri nets [QjD, termination is ExpSpace-hard for $\omega$PN. Let us now show that termination for $\omega$PN is in ExpSpace. We have from Lemma 3 that an $\omega$PN $\mathcal{N}$ does not terminate iff it admits a self-covering execution. From Lemma 11, it admits a self-covering execution iff it admits one whose sequence of transitions is of length at most $\ell(|P|)$. The following non-deterministic algorithm can guess and verify the existence of such a sequence. It works with $\omega$-markings, storing $\omega$ in the respective places whenever an $\omega$-transition is fired.

Input: an ωPN N, with initial marking m0.

Output: SUCCESS if a self-covering execution is guessed, FAIL otherwise.

     1  counter := 0
     2  m := m0
     3  if counter > ℓ(|P|)
     4      return FAIL
     5  else
     6      non-deterministically choose a transition t
     7      if t is not enabled at m
     8          return FAIL
     9      else
    10          m := m + effect(t)
    11          counter := counter + 1
    12  non-deterministically go to line 3 or line 13
    13  in m, replace ω by Rℓ(|P|)
    14  m1 := m
    15  if counter > ℓ(|P|)
    16      return FAIL
    17  else
    18      non-deterministically choose a transition t
    19      if t is not enabled at m1
    20          return FAIL
    21      else
    22          m1 := m1 + effect(t)
    23          counter := counter + 1
    24  non-deterministically go to line 15 or line 25
    25  if m1 ≽ m
    26      return SUCCESS
    27  else
    28      return FAIL

The above algorithm tries to guess a sequence of transitions $\sigma_1\sigma_2$ such that $m_0 \xrightarrow{\sigma_1} m \xrightarrow{\sigma_2} m_1$, guessing $\sigma_1$ in the loop between lines 3 and 12 and $\sigma_2$ in the loop between lines 13 and 24. If $\mathcal{N}$ admits a self-covering execution with sequence of transitions $\sigma_1\sigma_2$ such that $|\sigma_1\sigma_2| < \ell(|P|)$, then the execution of the above algorithm that guesses $\sigma_1\sigma_2$ will return SUCCESS. If all executions of $\mathcal{N}$ are finite, then all executions of the above algorithm will return FAIL.

The space required to store the variable "counter" in the above algorithm is at most $\log(\ell(|P|))$. The space required to store $m$ and $m_1$ is at most $|P|(\|m_0\|_\infty + \log(R\,\ell(|P|)))$. Using the upper bound given by Lemma 12, we conclude that the memory space required by the above algorithm is $O\left(|P| \log \|m_0\|_\infty + c^{|P|+1} |P|^{3|P|+4} \log R\right)$. This can be simplified to $O\left(2^{c|P| \log |P|} (\log R + \log \|m_0\|_\infty)\right)$. Using the well known Savitch's theorem to determinize the above algorithm, we get an EXPSPACE upper bound for the termination problem in $\omega$PN. □
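The guess-and-verify procedure above, written out as a bounded deterministic search, as an added example that is not code from the paper: it enumerates every choice the non-deterministic algorithm could make. It assumes a small caller-supplied `max_len` in place of $\ell(|P|)$ and `omega_value` in place of $R\ell(|P|)$ (so a `None` result is inconclusive, while a returned witness is a genuine self-covering execution), treats an ω-labelled input arc as consuming zero tokens, and uses hypothetical names and constructed nets.

```python
from collections import deque

OMEGA = float("inf")  # stands for the symbol ω on arcs and in ω-markings


def enabled(m, t):
    """t is enabled at m when every finite input weight is available.
    Assumption: an ω-labelled input arc may consume zero tokens, so it
    never blocks firing."""
    return all(m[p] >= w for p, w in t["in"].items() if w != OMEGA)


def fire(m, t):
    """Return m + effect(t); an ω-labelled output arc stores ω in its place."""
    out = dict(m)
    for p, w in t["in"].items():
        if w != OMEGA:
            out[p] -= w          # ω - w stays ω
    for p, w in t["out"].items():
        out[p] += w              # becomes ω when w is ω
    return out


def covers(m1, m):
    """Component-wise comparison used in line 25 of the algorithm."""
    return all(m1[p] >= m[p] for p in m)


def _explore(net, start, budget, key):
    """Breadth-first list of (marking, sequence) pairs reachable from
    start with at most `budget` transitions, shortest sequence first."""
    seen, queue, found = {key(start)}, deque([(start, [])]), []
    while queue:
        m, seq = queue.popleft()
        found.append((m, seq))
        if len(seq) == budget:
            continue
        for name, t in net.items():
            if enabled(m, t):
                nxt = fire(m, t)
                if key(nxt) not in seen:
                    seen.add(key(nxt))
                    queue.append((nxt, seq + [name]))
    return found


def find_self_covering(net, m0, max_len, omega_value):
    """Return (sigma1, sigma2) with m0 -sigma1-> m -sigma2-> m1 and m1 >= m,
    where |sigma1 sigma2| <= max_len, or None if none exists in that bound.
    The empty prefix sigma1 is also tried; this stays sound."""
    places = sorted(m0)
    key = lambda m: tuple(m[p] for p in places)
    # Lines 3-12: every prefix sigma1, tracked as an ω-marking.
    for m, s1 in _explore(net, dict(m0), max_len - 1, key):
        # Line 13: replace ω by a concrete token count before the second loop.
        base = {p: omega_value if v == OMEGA else v for p, v in m.items()}
        # Lines 15-24: every non-empty sigma2 within the shared counter budget.
        for mid, s2 in _explore(net, base, max_len - len(s1) - 1, key):
            for name, t in net.items():
                if enabled(mid, t) and covers(fire(mid, t), base):  # line 25
                    return s1, s2 + [name]
    return None


# Constructed nets: a dispatcher spawns an arbitrary number of workers.
M0 = {"idle": 1, "run": 0}
LOOPING = {      # workers never finish: non-terminating
    "spawn": {"in": {"idle": 1}, "out": {"run": OMEGA}},
    "work": {"in": {"run": 1}, "out": {"run": 1}},
}
TERMINATING = {  # infinitely branching, yet every execution is finite
    "spawn": {"in": {"idle": 1}, "out": {"run": OMEGA}},
    "done": {"in": {"run": 1}, "out": {}},
}

if __name__ == "__main__":
    print(find_self_covering(LOOPING, M0, max_len=4, omega_value=3))
    print(find_self_covering(TERMINATING, M0, max_len=4, omega_value=3))
```
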